The cmdinfo function in libr/core/cmdinfo.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted binary file.
{ "binaries": [ { "binary_name": "libradare2-0.9.6", "binary_version": "0.9.6-3.1ubuntu1" }, { "binary_name": "libradare2-common", "binary_version": "0.9.6-3.1ubuntu1" }, { "binary_name": "libradare2-dev", "binary_version": "0.9.6-3.1ubuntu1" }, { "binary_name": "radare2", "binary_version": "0.9.6-3.1ubuntu1" }, { "binary_name": "radare2-plugins", "binary_version": "0.9.6-3.1ubuntu1" } ] }