Primary

Context

Rizin Buffer Overflow Vulnerability in PDB Handling Prior to Version 0.7.4

Vulnerability

Patched

A critical buffer overflow vulnerability has been identified in Rizin versions prior to 0.7.4. The issue arises in the PDB handling function 'msf_stream_directory_free' within the PDB parsing library. This vulnerability requires local access to exploit.

Impact

Exploitation of this vulnerability leads to a segmentation fault, causing a crash of the Rizin application.

Reproduction

The vulnerability can be reproduced by using the Rizin command-line tool 'rz-bin' with the '-P' option followed by a crafted PDB file that triggers the buffer overflow. This can be done by running 'rz-bin -P /path/to/crafted.pdb'

Remediation

Users are advised to upgrade to Rizin version 0.8.0 or later.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

4.6

remediation

7.7

relevance

0.0

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

4.6

remediation

7.7

relevance

0.0

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Rizin Buffer Overflow Vulnerability in PDB Handling Prior to Version 0.7.4

Vulnerability

Impact

Reproduction

Remediation

Affected Products

rizin

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating