Vulnerability Details CVE-2026-22780
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Prior to 0.8.2, a heap overflow can be exploited when a malicious mach0 file, having bogus entries for the dyld chained segments, is parsed by rizin. This vulnerability is fixed in 0.8.2.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 0.2%
CVSS Severity
CVSS v3 Score 4.4
References
- https://github.com/rizinorg/rizin/blob/6dd0dba9ff4dc706f549d0cdcd93856b49e59aa0/librz/bin/format/mach0/mach0_chained_fixups.c#L200
- https://github.com/rizinorg/rizin/commit/41ea75d5b07d9b41b27ae80675cdda65f1b1c989
- https://github.com/rizinorg/rizin/issues/5768
- https://github.com/rizinorg/rizin/pull/5770
- https://github.com/rizinorg/rizin/releases/tag/v0.8.2
- https://github.com/rizinorg/rizin/security/advisories/GHSA-f3v7-xhmj-9cjj
Products affected by CVE-2026-22780
-
cpe:2.3:a:rizin:rizin:-
-
cpe:2.3:a:rizin:rizin:0.1.0
-
cpe:2.3:a:rizin:rizin:0.1.1
-
cpe:2.3:a:rizin:rizin:0.1.2
-
cpe:2.3:a:rizin:rizin:0.2.0
-
cpe:2.3:a:rizin:rizin:0.2.1
-
cpe:2.3:a:rizin:rizin:0.3.0
-
cpe:2.3:a:rizin:rizin:0.3.1
-
cpe:2.3:a:rizin:rizin:0.3.2
-
cpe:2.3:a:rizin:rizin:0.3.3
-
cpe:2.3:a:rizin:rizin:0.3.4
-
cpe:2.3:a:rizin:rizin:0.4.0
-
cpe:2.3:a:rizin:rizin:0.4.1
-
cpe:2.3:a:rizin:rizin:0.5.0
-
cpe:2.3:a:rizin:rizin:0.5.1
-
cpe:2.3:a:rizin:rizin:0.5.2
-
cpe:2.3:a:rizin:rizin:0.6.0
-
cpe:2.3:a:rizin:rizin:0.6.1
-
cpe:2.3:a:rizin:rizin:0.6.2
-
cpe:2.3:a:rizin:rizin:0.6.3
-
cpe:2.3:a:rizin:rizin:0.7.0
-
cpe:2.3:a:rizin:rizin:0.7.1
-
cpe:2.3:a:rizin:rizin:0.7.2
-
cpe:2.3:a:rizin:rizin:0.7.3
-
cpe:2.3:a:rizin:rizin:0.7.4
-
cpe:2.3:a:rizin:rizin:0.8.0
-
cpe:2.3:a:rizin:rizin:0.8.1