CVE-2026-14787
Received Received - Intake

Integer Overflow in radare2 via cmd_print Function

Vulnerability report for CVE-2026-14787, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-06

Last updated on: 2026-07-06

Assigner: VulDB

Description

A weakness has been identified in radareorg radare2 up to 6.1.6. Affected is the function cmd_print in the library libr/core/cmd_print.inc of the component pb Print Command Handler. This manipulation causes integer overflow. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. Patch name: 2b6265476c75567006b0fcbb749f4ae7b189c5df. It is recommended to apply a patch to fix this issue.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-06
Last Modified
2026-07-06
Generated
2026-07-06
AI Q&A
2026-07-06
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
radareorg radare2 to 6.1.6 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-189
CWE-190 The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-14787 is an integer overflow vulnerability in the radare2 tool, specifically in the cmd_print function within the pb Print Command Handler component. When a large value is used with the pb print command, the multiplication of the length by 8 can overflow a signed integer, causing undefined behavior.

This overflow can lead to memory corruption or crashes because the program may allocate incorrect memory sizes based on the overflowed value.

The vulnerability requires local access to exploit and has been publicly disclosed with proof-of-concept code available.

Impact Analysis

This vulnerability can cause the radare2 tool to behave unpredictably, potentially leading to memory corruption or crashes when processing specially crafted input.

Since the attack must be launched locally, an attacker with local access could exploit this flaw to disrupt the normal operation of radare2, possibly causing denial of service or other unintended behavior.

Detection Guidance

This vulnerability can be detected by attempting to trigger the integer overflow in the radare2 tool's pb print command. Specifically, executing the command with a large value such as `pb 0x10000000` can reproduce the issue.

The UndefinedBehaviorSanitizer (UBSan) can be used to detect the signed integer overflow during execution, which reports errors at the source code location related to the multiplication overflow.

A proof-of-concept (PoC) script and reproducer are available to demonstrate the vulnerability, which can be used to verify if the system is affected.

Mitigation Strategies

The recommended immediate step to mitigate this vulnerability is to apply the patch identified by commit 2b6265476c75567006b0fcbb749f4ae7b189c5df.

This patch adds validation checks in the vulnerable functions to prevent integer overflow by ensuring the length variable does not exceed safe limits or become negative, thus preventing memory corruption or crashes.

Since the attack requires local access, restricting local user permissions and monitoring usage of the pb print command in radare2 can also help reduce risk until the patch is applied.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-14787. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart