CVE-2026-31053
Received Received - Intake
Double Free in librz LE Loader Causes Denial of Service

Publication date: 2026-04-06

Last updated on: 2026-04-14

Assigner: MITRE

Description
A double free vulnerability exists in librz/bin/format/le/le.c in the function le_load_fixup_record(). When processing malformed or circular LE fixup chains, relocation entries may be freed multiple times during error handling. A specially crafted LE binary can trigger heap corruption and cause the application to crash, resulting in a denial-of-service condition. An attacker with a crafted binary could cause a denial of service when the tool is integrated on a service pipeline.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-06
Last Modified
2026-04-14
Generated
2026-06-16
AI Q&A
2026-04-06
EPSS Evaluated
2026-06-15
NVD
CVE-2026-31053
EUVD
EUVD-2026-19250
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
rizin rizin 0.8.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-415 The product calls free() twice on the same memory address.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-31053 is a double free vulnerability in the Rizin binary analysis framework, specifically in the function le_load_fixup_record() within librz/bin/format/le/le.c. The issue occurs when processing malformed or circular Linear Executable (LE) fixup chains, causing relocation entries to be freed multiple times during error handling. This improper memory deallocation leads to heap corruption and use-after-free errors.

The root cause was that the function rz_bin_reloc_free was incorrectly called on LE_reloc structures instead of the appropriate free function, resulting in heap corruption and potential crashes. This vulnerability can be triggered by a specially crafted LE binary file.

Impact Analysis

An attacker can exploit this vulnerability by supplying a specially crafted LE binary to the Rizin tool, causing it to crash due to heap corruption and use-after-free errors.

This results in a denial-of-service (DoS) condition, which can disrupt services, especially if Rizin is integrated into automated service pipelines or used in environments processing untrusted binaries.

Detection Guidance

This vulnerability can be detected by running the rizin binary analysis tool on potentially crafted LE (Linear Executable) binaries and observing if the application crashes due to heap corruption or double free errors.

A suggested command to reproduce the issue is to run rizin with aggressive analysis flags on a crafted binary file, for example:

  • rizin -AAA <crafted_LE_binary>

If the tool crashes with a segmentation fault or reports heap corruption, it indicates the presence of the vulnerability.

Mitigation Strategies

The immediate mitigation step is to update the rizin tool to a version that includes the fix for this vulnerability, specifically version 0.8.2 or later.

The fix involves correcting the memory deallocation routine in the handling of LE relocation entries to prevent double free and heap corruption.

Until the update is applied, avoid processing untrusted or malformed LE binaries with rizin, especially in automated service pipelines, to prevent denial-of-service crashes.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-31053. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart