OSV-2025-42

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/radare2/OSV-2025-42.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2025-42
Published
2025-01-19T00:06:58.533546Z
Modified
2025-01-19T00:06:58.534017Z
Summary
Heap-use-after-free in r_list_free
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=390467754

Crash type: Heap-use-after-free READ 8
Crash state:
r_list_free
r_bin_bflt_free
r_bin_file_free
References

Affected packages

OSS-Fuzz / radare2

Package

Name
radare2
Purl
pkg:generic/radare2

Affected ranges

Type
GIT
Repo
https://github.com/radareorg/radare2
Events
Introduced
d6cd906585b7c01c41b111dde0e0477945954646
Fixed
44a501ba45d51776c9ea4820007477b580df50a3

Ecosystem specific 

{
    "severity": "HIGH"
}

Database specific

introduced_range

"b7d2fec2f732bffc4093d09485e9855c84201bc8:e798bd4482971a0d2aed211c551876f90e5ea411"

source

"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/radare2/OSV-2025-42.yaml"

fixed_range

"e798bd4482971a0d2aed211c551876f90e5ea411:44a501ba45d51776c9ea4820007477b580df50a3"