Source: radare2 Version: 6.1.6+ds-3 Severity: grave Tags: security upstream X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerabilities were published for radare2. CVE-2026-14757[0]: | A vulnerability was determined in radareorg radare2 up to 6.1.6. | This affects the function core_anal_bytes of the file | libr/core/cmd_anal.inc. This manipulation causes integer overflow. | The attack needs to be launched locally. The exploit has been | publicly disclosed and may be utilized. It is suggested to install a | patch to address this issue. CVE-2026-14758[1]: | A vulnerability was identified in radareorg radare2 up to 6.1.6. | This vulnerability affects the function cmd_anal_opcode of the file | libr/core/cmd_anal.inc.c of the component hexpairs Parser. Such | manipulation leads to integer overflow. The attack needs to be | performed locally. The exploit is publicly available and might be | used. The name of the patch is | 84e773986e7e5bb30453a9384f498ec0ccc9d0a9. A patch should be applied | to remediate this issue. CVE-2026-14759[2]: | A security flaw has been discovered in radareorg radare2 up to | 6.1.6. This issue affects the function | r_bin_java_inner_classes_attr_calc_size of the file | shlr/java/class.c of the component RBinJava Line Number Table | Parser. Performing a manipulation results in heap-based buffer | overflow. The attack requires a local approach. The exploit has been | released to the public and may be used for attacks. The patch is | named cd62d15a6cbecdc67fd03f3ebdbbbeb741d18f87. To fix this issue, | it is recommended to deploy a patch. CVE-2026-14760[3]: | A weakness has been identified in radareorg radare2 up to 6.1.6. | Impacted is the function r_core_seek_arch_bits of the file | libr/core/disasm.c of the component regprofile Handler. Executing a | manipulation can lead to use after free. The attack requires local | access. The exploit has been made available to the public and could | be used for attacks. This patch is called | 8b25c773785d85cb0103410a0905089d286921c2. It is advisable to | implement a patch to correct this issue. CVE-2026-14761[4]: | A security vulnerability has been detected in radareorg radare2 up | to 6.1.6. The affected element is the function | r_str_ndup/r_str_append of the file libr/util/str.c. The | manipulation leads to integer overflow. An attack has to be | approached locally. The exploit has been disclosed publicly and may | be used. The identifier of the patch is | a20a56917ae85d732e683f8d9078bdcfee92446c. Applying a patch is the | recommended action to fix this issue. CVE-2026-14786[5]: | A security flaw has been discovered in radareorg radare2 up to | 6.1.6. This impacts the function r_str_word_get0set of the file | libr/util/str.c. The manipulation results in integer overflow. The | attack must be initiated from a local position. The exploit has been | released to the public and may be used for attacks. The patch is | identified as 11ac224c0eb8d57830fccc99e1c1cd8e5d958813. It is best | practice to apply a patch to resolve this issue. CVE-2026-14787[6]: | A weakness has been identified in radareorg radare2 up to 6.1.6. | Affected is the function cmd_print in the library | libr/core/cmd_print.inc of the component pb Print Command Handler. | This manipulation causes integer overflow. The attack needs to be | launched locally. The exploit has been made available to the public | and could be used for attacks. Patch name: | 2b6265476c75567006b0fcbb749f4ae7b189c5df. It is recommended to apply | a patch to fix this issue. CVE-2026-14788[7]: | A security vulnerability has been detected in radareorg radare2 up | to 6.1.6. Affected by this vulnerability is the function | r_core_bin_load of the file libr/core/cfile.c. Such manipulation | leads to use after free. The attack needs to be performed locally. | The exploit has been disclosed publicly and may be used. The name of | the patch is 635ab1eeb30340c26076722a90cb91fb2272130b. Applying a | patch is advised to resolve this issue. CVE-2026-14789[8]: | A vulnerability was detected in radareorg radare2 up to 6.1.6. | Affected by this issue is some unknown functionality of the file | libr/bin/format/mdmp/mdmp.c of the component Memory64ListStream | Parser. Performing a manipulation results in stack-based buffer | overflow. The attack requires a local approach. The exploit is now | public and may be used. The patch is named | 175d4addb68981331c85b10681c2161c38fb5762. It is suggested to install | a patch to address this issue. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2026-14757 https://www.cve.org/CVERecord?id=CVE-2026-14757 [1] https://security-tracker.debian.org/tracker/CVE-2026-14758 https://www.cve.org/CVERecord?id=CVE-2026-14758 [2] https://security-tracker.debian.org/tracker/CVE-2026-14759 https://www.cve.org/CVERecord?id=CVE-2026-14759 [3] https://security-tracker.debian.org/tracker/CVE-2026-14760 https://www.cve.org/CVERecord?id=CVE-2026-14760 [4] https://security-tracker.debian.org/tracker/CVE-2026-14761 https://www.cve.org/CVERecord?id=CVE-2026-14761 [5] https://security-tracker.debian.org/tracker/CVE-2026-14786 https://www.cve.org/CVERecord?id=CVE-2026-14786 [6] https://security-tracker.debian.org/tracker/CVE-2026-14787 https://www.cve.org/CVERecord?id=CVE-2026-14787 [7] https://security-tracker.debian.org/tracker/CVE-2026-14788 https://www.cve.org/CVERecord?id=CVE-2026-14788 [8] https://security-tracker.debian.org/tracker/CVE-2026-14789 https://www.cve.org/CVERecord?id=CVE-2026-14789 Regards, Salvatore

