Rizin Heap Overflow Vulnerability in Mach-O Chained Fixups Parsing

Vulnerability

A heap overflow has been identified in Rizin versions prior to 0.8.2. It is triggered when Rizin parses a malicious Mach-O file whose dyld chained fixups metadata (the per-segment chain start tables that the LC_DYLD_CHAINED_FIXUPS load command points to in __LINKEDIT) contains invalid entries, such as counts or offsets that do not fit inside the fixups data. The parser writes past the end of a heap allocation, an out-of-bounds write that could potentially be exploited.
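The bug class above is a parser that trusts counts and offsets read from the file. The following is an added example, not Rizin's code and not the vulnerable or fixed function: it walks the same dyld chained fixups tables with every file-controlled count and offset checked against the buffer length before it is used. The structure layouts follow Apple's <mach-o/fixup-chains.h>; the sample blobs are constructed here and the function names are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example: a bounds-checked walk of the Mach-O dyld chained fixups
 * tables. Not Rizin code; struct layouts follow <mach-o/fixup-chains.h>,
 * all other names are assumptions made for this example. */

#define DYLD_CHAINED_PTR_START_NONE 0xFFFF
#define DYLD_CHAINED_PTR_64         2

/* Little-endian readers that refuse to read past the end of the buffer. */
static int rd16(const uint8_t *b, size_t len, size_t off, uint16_t *out)
{
    if (off > len || len - off < 2) return 0;
    *out = (uint16_t)(b[off] | (b[off + 1] << 8));
    return 1;
}
static int rd32(const uint8_t *b, size_t len, size_t off, uint32_t *out)
{
    if (off > len || len - off < 4) return 0;
    *out = (uint32_t)b[off] | ((uint32_t)b[off + 1] << 8) |
           ((uint32_t)b[off + 2] << 16) | ((uint32_t)b[off + 3] << 24);
    return 1;
}

/* Walks dyld_chained_fixups_header -> dyld_chained_starts_in_image ->
 * dyld_chained_starts_in_segment inside `chain` (the blob that
 * LC_DYLD_CHAINED_FIXUPS references). Returns the number of pages that
 * start a fixup chain, or -1 if any count or offset in the file does not
 * fit inside `len`. */
int parse_chained_starts(const uint8_t *chain, size_t len)
{
    uint32_t starts_off, seg_count;
    int pages_with_chains = 0;

    /* header is 28 bytes; starts_offset lives at +4 */
    if (len < 28 || !rd32(chain, len, 4, &starts_off)) return -1;
    if (!rd32(chain, len, starts_off, &seg_count)) return -1;   /* seg_count @+0 */

    /* seg_info_offset[seg_count] must fit; divide instead of multiply so a
     * huge seg_count cannot wrap the size computation */
    if (seg_count > (len - starts_off - 4) / 4) return -1;

    for (uint32_t i = 0; i < seg_count; i++) {
        uint32_t seg_info_off, seg_size;
        uint16_t page_count;
        size_t seg;

        if (!rd32(chain, len, starts_off + 4 + (size_t)i * 4, &seg_info_off)) return -1;
        if (seg_info_off == 0) continue;             /* segment has no fixups */

        /* offsets are relative to starts_in_image; widen before adding */
        seg = (size_t)starts_off + seg_info_off;
        if (!rd32(chain, len, seg, &seg_size)) return -1;          /* size @+0 */
        if (!rd16(chain, len, seg + 20, &page_count)) return -1;   /* page_count @+20 */

        /* page_start[page_count] starts at +22: the struct's own size field
         * and the buffer must both cover it, or the file is rejected */
        if (seg_size < 22u + (uint32_t)page_count * 2u) return -1;
        if ((size_t)page_count * 2 > len - seg - 22) return -1;

        for (uint16_t p = 0; p < page_count; p++) {
            uint16_t start;
            if (!rd16(chain, len, seg + 22 + (size_t)p * 2, &start)) return -1;
            if (start != DYLD_CHAINED_PTR_START_NONE) pages_with_chains++;
        }
    }
    return pages_with_chains;
}

static void put16(uint8_t *b, size_t off, uint16_t v) { b[off] = v & 0xFF; b[off + 1] = v >> 8; }
static void put32(uint8_t *b, size_t off, uint32_t v) { for (int i = 0; i < 4; i++) b[off + i] = (v >> (8 * i)) & 0xFF; }

/* Constructed sample blob (not taken from any real binary): header, then a
 * starts_in_image with two segments, the second pointing at a
 * starts_in_segment holding two page_start entries. `page_count` and
 * `seg1_offset` are the fields a malicious file would corrupt. */
size_t build_sample(uint8_t *out, size_t cap, uint16_t page_count, uint32_t seg1_offset)
{
    if (cap < 66) return 0;
    memset(out, 0, cap);
    put32(out, 4, 28);                    /* starts_offset: right after header */
    put32(out, 28, 2);                    /* seg_count */
    put32(out, 32, 0);                    /* seg 0: no fixups */
    put32(out, 36, seg1_offset);          /* seg 1: 12 -> absolute offset 40 */
    put32(out, 40, 26);                   /* starts_in_segment.size */
    put16(out, 44, 0x4000);               /* page_size */
    put16(out, 46, DYLD_CHAINED_PTR_64);  /* pointer_format */
    put16(out, 60, page_count);           /* page_count */
    put16(out, 62, 0x0000);               /* page_start[0]: chain at page offset 0 */
    put16(out, 64, DYLD_CHAINED_PTR_START_NONE); /* page_start[1]: no chain */
    return 66;
}

int demo_well_formed(void)       { uint8_t b[66]; return parse_chained_starts(b, build_sample(b, sizeof b, 2, 12)); }
int demo_bogus_page_count(void)  { uint8_t b[66]; return parse_chained_starts(b, build_sample(b, sizeof b, 0xFFFF, 12)); }
int demo_bogus_seg_offset(void)  { uint8_t b[66]; return parse_chained_starts(b, build_sample(b, sizeof b, 2, 0x7FFFFFF0)); }

int main(void)
{
    printf("well-formed: %d pages with chains\n", demo_well_formed());
    printf("page_count=65535 in 66-byte blob: %d\n", demo_bogus_page_count());
    printf("seg_info_offset past end of blob: %d\n", demo_bogus_seg_offset());
    return 0;
}
```

The two rejected inputs are the shapes a fuzzer finds first: a count that is larger than the data behind it, and an offset that points outside the blob. Without the checks before the inner loop, `page_count` would drive reads (or, in a parser that copies the table into a fixed-size heap buffer, writes) well past the allocation, which is the kind of corruption AddressSanitizer reports as heap-buffer-overflow.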

Impact

A crafted Mach-O file causes a heap-based out-of-bounds write while Rizin parses it. Because the file is attacker-controlled input to a tool that analysts routinely run on untrusted samples, the least outcome is a crash of the analysis process (for example rizin or rz-bin); the write goes beyond the bounds of a heap allocation, so further exploitation cannot be ruled out.

Reproduction

Build Rizin with AddressSanitizer, which detects out-of-bounds heap accesses at the instruction that performs them (Rizin builds with Meson, so passing -Db_sanitize=address to meson setup is enough). Then open the crafted Mach-O with the instrumented binary. AddressSanitizer aborts with a heap-buffer-overflow report pointing into the chained fixups parsing code. That report confirms the out-of-bounds write is triggered by the file; it does not by itself show that the corruption is exploitable beyond a crash.

Remediation

Upgrade to Rizin 0.8.2 or later, where this vulnerability has been patched. Until the upgrade is in place, avoid opening untrusted Mach-O files with affected builds.

Added: Feb 2, 2026, 11:37 PM
Updated: Feb 2, 2026, 11:37 PM

Vulnerability Rating

Custom Algorithm

spread: 2.4
impact: 0.6
exploitability: 5.0
remediation: 7.7
relevance: 2.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.