CVE-2026-31053

Published: Apr 6, 2026

Modified: Apr 6, 2026

PUBLISHED

Description

A double free vulnerability exists in librz/bin/format/le/le.c in the function le_load_fixup_record(). When processing malformed or circular LE fixup chains, relocation entries may be freed multiple times during error handling. A specially crafted LE binary can trigger heap corruption and cause the application to crash, resulting in a denial-of-service condition. An attacker with a crafted binary could cause a denial of service when the tool is integrated on a service pipeline.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/rizinorg/rizin/issues/5753

https://github.com/rizinorg/rizin/pull/5795

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-31053

Description

Affected Products

References