CVE Catalog

CVE-2026-14758

LowCVSS 3.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile — higher than 2% of all known CVEs

Summary

A vulnerability was found in radare2 up to version 6.1.6 in the cmd_anal_opcode function of libr/core/cmd_anal.inc.c within the hexpairs Parser component. Data manipulation leads to an integer overflow. The attack requires local access and an exploit is publicly available.

Risk Assessment

The organization faces a local integer overflow that could allow an attacker to destabilize the system or potentially execute code. The publicly available exploit increases the risk of exploitation.

Recommendation

Apply the patch identified as 84e773986e7e5bb30453a9384f498ec0ccc9d0a9 immediately or update radare2 to a version newer than 6.1.6.

Original NVD description (English source)

A vulnerability was identified in radareorg radare2 up to 6.1.6. This vulnerability affects the function cmd_anal_opcode of the file libr/core/cmd_anal.inc.c of the component hexpairs Parser. Such manipulation leads to integer overflow. The attack needs to be performed locally. The exploit is publicly available and might be used. The name of the patch is 84e773986e7e5bb30453a9384f498ec0ccc9d0a9. A patch should be applied to remediate this issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS