Unrated severityOSV Advisory· Published Feb 2, 2026· Updated Feb 3, 2026
Rizin has a heap overflow on mach0_chained_fixups.c
CVE-2026-22780
Description
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Prior to 0.8.2, a heap overflow can be exploited when a malicious mach0 file, having bogus entries for the dyld chained segments, is parsed by rizin. This vulnerability is fixed in 0.8.2.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- github.com/rizinorg/rizin/blob/6dd0dba9ff4dc706f549d0cdcd93856b49e59aa0/librz/bin/format/mach0/mach0_chained_fixups.cmitrex_refsource_MISC
- github.com/rizinorg/rizin/commit/41ea75d5b07d9b41b27ae80675cdda65f1b1c989mitrex_refsource_MISC
- github.com/rizinorg/rizin/issues/5768mitrex_refsource_MISC
- github.com/rizinorg/rizin/pull/5770mitrex_refsource_MISC
- github.com/rizinorg/rizin/releases/tag/v0.8.2mitrex_refsource_MISC
- github.com/rizinorg/rizin/security/advisories/GHSA-f3v7-xhmj-9cjjmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.