CVE-2026-45613 | Rizin is a UNIX-like reverse engineering framework and comma… | CVSS 3.3 LOW

Description

Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a heap-buffer-overflow in librz/bin/format/omf/omf.c. This vulnerability is fixed by commit e6d0937c8a083e23ed76ccfb9f631cdc50c7af47.

Metadata

CVE ID: CVE-2026-45613
State: PUBLISHED
Assigner: GitHub_M
Reserved: 2026-05-12 20:31 UTC
Published: 2026-05-29 19:07 UTC
Last updated: 2026-06-01 17:49 UTC
Primary CWE: CWE-125
CWE-125: Out-of-bounds Read
Vendor / Product: rizinorg / rizin
Sources: cve.org · NVD

Severity & Metrics

3.3 LOW CVSS 3.1

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
rizinorg	rizin	—	< e6d0937c8a083e23ed76ccfb9f631cdc50c7af47

Weakness (CWE)

CWE	Source	Description
CWE-125	cna	CWE-125: Out-of-bounds Read

CVSS scores (1)

Score	Severity	Version	Source	Vector
3.3	LOW	3.1	cna	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

References (2)

https://github.com/rizinorg/rizin/security/advisories/GHSA-wprr-wrcw-mw6v https://github.com/rizinorg/rizin/security/advisories/GHSA-wprr-wrcw-mw6v
https://github.com/rizinorg/rizin/commit/e6d0937c8a083e23ed76ccfb9f631cdc50c7af47 https://github.com/rizinorg/rizin/commit/e6d0937c8a083e23ed76ccfb9f631cdc50c7af47