CVE-2026-31053

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

6.2 / 10

Vector String

                                        CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H                                    

Vulnerability Description

A double free vulnerability exists in librz/bin/format/le/le.c in the function le_load_fixup_record(). When processing malformed or circular LE fixup chains, relocation entries may be freed multiple times during error handling. A specially crafted LE binary can trigger heap corruption and cause the application to crash, resulting in a denial-of-service condition. An attacker with a crafted binary could cause a denial of service when the tool is integrated on a service pipeline.

Vulnerability Details

Published Date

April 06, 2026

Last Modified

April 07, 2026

CWE ID

CWE-415

Source

NVD

External References

https://github.com/rizinorg/rizin/issues/5753
https://github.com/rizinorg/rizin/pull/5795

CVE-2026-31053

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment