Description
Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a heap-buffer-overflow in librz/bin/format/omf/omf.c. This vulnerability is fixed by commit e6d0937c8a083e23ed76ccfb9f631cdc50c7af47.
Published: 2026-05-29
Score: 3.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Rizin, a UNIX‑like reverse engineering framework, contains a heap‑buffer‑overflow in the OMF parser located in librz/bin/format/omf/omf.c. This flaw can corrupt adjacent heap memory and may lead to a crash or, in some execution contexts, arbitrary code execution. The weakness is classified as CWE‑125, a classic out‑of‑bounds read that can be leveraged to corrupt data structures, undermining integrity and stability of the application.

Affected Systems

The vulnerability affects any installation of the rizinorg:rizin product that includes the unpatched OMF parsing code. No specific version range is listed in the CNA data, so all released versions containing the old omf.c code are susceptible until the fix is applied.

Risk and Exploitability

The CVSS score of 3.3 indicates low severity, and no EPSS estimate is available, suggesting limited projected exploitation activity. The vulnerability is not yet catalogued in CISA’s KEV list. Based on the description, the attack vector is likely local: an attacker who can supply a crafted OMF file to the Rizin tool is able to trigger the overflow. External exploitation would require a medium‑to‑high skill level to craft a malicious file and trigger the parser within a session that has sufficient privileges.

Generated by OpenCVE AI on May 29, 2026 at 20:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the version of Rizin that includes commit e6d0937c8a083e23ed76ccfb9f631cdc50c7af47 or later.
  • If an update cannot be applied immediately, run Rizin in a restricted or sandboxed environment to limit the impact of a heap corruption event.
  • Avoid loading untrusted OMF files; verify file integrity before parsing or manually review the file contents.

Generated by OpenCVE AI on May 29, 2026 at 20:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 29 May 2026 19:30:00 +0000

Type Values Removed Values Added
Description Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a heap-buffer-overflow in librz/bin/format/omf/omf.c. This vulnerability is fixed by commit e6d0937c8a083e23ed76ccfb9f631cdc50c7af47.
Title Rizin: Heap-buffer-overflow in OMF parser
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-29T19:07:49.291Z

Reserved: 2026-05-12T20:31:43.448Z

Link: CVE-2026-45613

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2026-05-29T20:16:26.890

Modified: 2026-05-29T20:21:38.773

Link: CVE-2026-45613

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-29T21:00:09Z

Weaknesses