2436123 – (CVE-2026-22780) CVE-2026-22780 Rizin: Rizin: Heap overflow allows arbitrary code execution via malicious mach0 file

Bug 2436123 (CVE-2026-22780) - CVE-2026-22780 Rizin: Rizin: Heap overflow allows arbitrary code execution via malicious mach0 file

Summary: CVE-2026-22780 Rizin: Rizin: Heap overflow allows arbitrary code execution vi...

Keywords:
Status:	NEW
Alias:	CVE-2026-22780
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2436290 2436291 2436292 2436293 2436294
Blocks:
TreeView+	depends on / blocked

Reported:	2026-02-03 00:02 UTC by OSIDB Bzimport
Modified:	2026-02-03 10:16 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-02-03 00:02:45 UTC

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Prior to 0.8.2, a heap overflow can be exploited when a malicious mach0 file, having bogus entries for the dyld chained segments, is parsed by rizin. This vulnerability is fixed in 0.8.2.

Note You need to log in before you can comment on or make changes to this bug.