{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-31053", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-06T19:42:43.611Z", "dateReserved": "2026-03-09T00:00:00.000Z", "datePublished": "2026-04-06T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-06T14:40:23.057Z"}, "descriptions": [{"lang": "en", "value": "A double free vulnerability exists in librz/bin/format/le/le.c in the function le_load_fixup_record(). When processing malformed or circular LE fixup chains, relocation entries may be freed multiple times during error handling. A specially crafted LE binary can trigger heap corruption and cause the application to crash, resulting in a denial-of-service condition. An attacker with a crafted binary could cause a denial of service when the tool is integrated on a service pipeline."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/rizinorg/rizin/issues/5753"}, {"url": "https://github.com/rizinorg/rizin/pull/5795"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-415", "lang": "en", "description": "CWE-415 Double Free"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-06T19:42:21.334477Z", "id": "CVE-2026-31053", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T19:42:43.611Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-31053", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-06T19:42:21.334477Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-415", "description": "CWE-415 Double Free"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T19:42:15.663Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/rizinorg/rizin/issues/5753"}, {"url": "https://github.com/rizinorg/rizin/pull/5795"}], "descriptions": [{"lang": "en", "value": "A double free vulnerability exists in librz/bin/format/le/le.c in the function le_load_fixup_record(). When processing malformed or circular LE fixup chains, relocation entries may be freed multiple times during error handling. A specially crafted LE binary can trigger heap corruption and cause the application to crash, resulting in a denial-of-service condition. An attacker with a crafted binary could cause a denial of service when the tool is integrated on a service pipeline."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-06T14:40:23.057Z"}}}, "cveMetadata": {"cveId": "CVE-2026-31053", "state": "PUBLISHED", "dateUpdated": "2026-04-06T19:42:43.611Z", "dateReserved": "2026-03-09T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-06T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A double free vulnerability exists in librz/bin/format/le/le.c in the function le_load_fixup_record(). When processing malformed or circular LE fixup chains, relocation entries may be freed multiple times during error handling. A specially crafted LE binary can trigger heap corruption and cause the application to crash, resulting in a denial-of-service condition. An attacker with a crafted binary could cause a denial of service when the tool is integrated on a service pipeline."}], "id": "CVE-2026-31053", "lastModified": "2026-04-06T20:16:22.017", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-06T15:17:07.953", "references": [{"source": "cve@mitre.org", "url": "https://github.com/rizinorg/rizin/issues/5753"}, {"source": "cve@mitre.org", "url": "https://github.com/rizinorg/rizin/pull/5795"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-415"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 88.0, "source": "matching"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "rizin", "vendor": "rizin"}], "analysis": {"en": {"generated_at": "2026-04-06T17:53:57.279093+00:00", "value": {"mitigation_remediation": ["Apply the patch merged in the referenced pull request or upgrade to a Rizin release that includes the fix.", "If updating immediately is not possible, restrict LE file input to a whitelist or run the loader in a sandboxed environment to isolate failures.", "Monitor system logs for repeated crashes related to the LE loader and alert administrators when such events occur.", "Maintain an inventory of all Rizin installations and ensure they are kept current with the vendor\u2019s patches."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service via double\u2011free heap corruption"}, "threat_synthesis": {"affected_systems": "Any installation of the Rizin binary analysis suite that processes LE binaries is affected, as the flaw resides in the librz/format/le component. Users running the tool in data\u2011processing pipelines or services that accept arbitrary LE files should consider their environments vulnerable.", "description_and_impact": "A double\u2011free bug exists in the LE binary loader. When a malformed or circular LE fixup chain is processed, the loader attempts to free already freed relocation entries during error handling, corrupting the heap and causing the application to crash. An attacker who can supply a malicious LE file can trigger this overflow and result in a loss of service.", "risk_and_exploitability": "The vulnerability has a high impact because it results in a complete denial of service. No CVSS score is supplied and the EPSS score is unavailable, but the flaw is not listed in the KEV catalog. The likely attack vector is the delivery of a crafted LE file, which can occur locally or over a network if the Rizin instance is exposed."}}}}, "created": "2026-04-06T20:22:09.363751+00:00", "title": "Heap Double\u2011Free in Rizin LE Binary Loader Leading to Denial of Service", "updated": "2026-04-06T21:48:00.049910+00:00", "vendors": ["rizin", "rizin$PRODUCT$rizin"], "weaknesses": ["CWE-416"]}