CVE-2025-1786

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-1786
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-1786.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-1786
Published
2025-03-01T10:15:11.683Z
Modified
2026-04-10T05:22:01.681572Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability was found in rizinorg rizin up to 0.7.4. It has been rated as critical. This issue affects the function msfstreamdirectory_free in the library /librz/bin/pdb/pdb.c. The manipulation of the argument -P leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 0.8.0 is able to address this issue. It is recommended to upgrade the affected component.

References

Affected packages

Git / github.com/rizinorg/rizin

Affected ranges

Type
GIT
Repo
https://github.com/rizinorg/rizin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
1b6f736c65b9fb8b7ce8a05706edab0f4148985c
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.8.0"
        }
    ]
}

Affected versions

0.*
0.1.0
v0.*
v0.1.0
v0.1.1
v0.1.2
v0.2.0
v0.2.1
v0.3.0
v0.3.1
v0.3.2
v0.3.3
v0.3.4
v0.4.0
v0.4.1
v0.5.0
v0.5.1
v0.5.2
v0.6.0
v0.6.1
v0.6.2
v0.6.3
v0.7.2
v0.7.3
v0.7.4

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-1786.json"