{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-31053", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-06T19:42:43.611Z", "dateReserved": "2026-03-09T00:00:00.000Z", "datePublished": "2026-04-06T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-06T14:40:23.057Z"}, "descriptions": [{"lang": "en", "value": "A double free vulnerability exists in librz/bin/format/le/le.c in the function le_load_fixup_record(). When processing malformed or circular LE fixup chains, relocation entries may be freed multiple times during error handling. A specially crafted LE binary can trigger heap corruption and cause the application to crash, resulting in a denial-of-service condition. An attacker with a crafted binary could cause a denial of service when the tool is integrated on a service pipeline."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/rizinorg/rizin/issues/5753"}, {"url": "https://github.com/rizinorg/rizin/pull/5795"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-415", "lang": "en", "description": "CWE-415 Double Free"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-06T19:42:21.334477Z", "id": "CVE-2026-31053", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T19:42:43.611Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-31053", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-06T19:42:21.334477Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-415", "description": "CWE-415 Double Free"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T19:42:15.663Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/rizinorg/rizin/issues/5753"}, {"url": "https://github.com/rizinorg/rizin/pull/5795"}], "descriptions": [{"lang": "en", "value": "A double free vulnerability exists in librz/bin/format/le/le.c in the function le_load_fixup_record(). When processing malformed or circular LE fixup chains, relocation entries may be freed multiple times during error handling. A specially crafted LE binary can trigger heap corruption and cause the application to crash, resulting in a denial-of-service condition. An attacker with a crafted binary could cause a denial of service when the tool is integrated on a service pipeline."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-06T14:40:23.057Z"}}}, "cveMetadata": {"cveId": "CVE-2026-31053", "state": "PUBLISHED", "dateUpdated": "2026-04-06T19:42:43.611Z", "dateReserved": "2026-03-09T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-06T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A double free vulnerability exists in librz/bin/format/le/le.c in the function le_load_fixup_record(). When processing malformed or circular LE fixup chains, relocation entries may be freed multiple times during error handling. A specially crafted LE binary can trigger heap corruption and cause the application to crash, resulting in a denial-of-service condition. An attacker with a crafted binary could cause a denial of service when the tool is integrated on a service pipeline."}], "id": "CVE-2026-31053", "lastModified": "2026-04-06T20:16:22.017", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-06T15:17:07.953", "references": [{"source": "cve@mitre.org", "url": "https://github.com/rizinorg/rizin/issues/5753"}, {"source": "cve@mitre.org", "url": "https://github.com/rizinorg/rizin/pull/5795"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-415"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 88.0, "source": "matching"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "rizin", "vendor": "rizin"}], "analysis": {"en": {"generated_at": "2026-04-07T01:28:24.953908+00:00", "value": {"mitigation_remediation": ["Upgrade Rizin to the latest release that incorporates the fix from pull request 5795 or apply the patch directly from the Rizin repository.", "If an upgrade cannot be performed immediately, run Rizin in a sandboxed environment and reject any malformed LE files before processing.", "Monitor Rizin\u2019s security advisories and apply updates as soon as new patches are released."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability resides in Rizin\u2019s librz/bin/format/le/le.c module and affects any installation of Rizin that uses the LE binary loader; no specific version numbers are provided. An attacker only needs a crafted legacy executable (LE) file that the tool will process, which may happen when Rizin is part of an automated pipeline.", "description_and_impact": "A double free bug exists in the LE binary loader of Rizin. During the processing of malformed or circular fixup chains the function le_load_fixup_record() frees relocation entries more than once during error handling, leading to heap corruption. This corruption can cause the application to crash, resulting in a denial\u2011of\u2011service condition. The weakness corresponds to double free (CWE\u2011415) and potentially use\u2011after\u2011free (CWE\u2011416).", "risk_and_exploitability": "The CVSS score is 6.2, indicating moderate severity, and the vulnerability is not listed in CISA\u2019s KEV catalog. The EPSS score is unavailable, so the exact likelihood of exploitation is uncertain. Based on the description, the attack requires supplying a malicious LE binary to the vulnerable loader, suggesting a local or pipeline\u2011based vector rather than a remote network attack. Because the impact is limited to denial of service and no remote code execution is available, the overall risk is moderate. Applying the vendor\u2019s patch is the only definitive mitigation."}}}}, "created": "2026-04-06T20:22:09.363751+00:00", "updated": "2026-04-07T06:55:09.247739+00:00", "vendors": ["rizin", "rizin$PRODUCT$rizin"]}