CVE-2026-22780 Common Vulnerabilities and Exposures

Upstream information

CVE-2026-22780 at MITRE

Description

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Prior to 0.8.2, a heap overflow can be exploited when a malicious mach0 file, having bogus entries for the dyld chained segments, is parsed by rizin. This vulnerability is fixed in 0.8.2.

SUSE information

Overall state of this security issue: Analysis

This issue is currently rated as having moderate severity.

CVSS v3 Scores
CVSS detail	CNA (GitHub)	SUSE
Base Score	4.4	4.4
Vector	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Attack Vector	Local	Local
Attack Complexity	Low	Low
Privileges Required	None	None
User Interaction	Required	Required
Scope	Unchanged	Unchanged
Confidentiality Impact	None	None
Integrity Impact	Low	Low
Availability Impact	Low	Low
CVSSv3 Version	3.1	3.1

SUSE Bugzilla entry: 1257611 [NEW]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE Tumbleweed	`rizin >= 0.8.2-1.1` `rizin-common >= 0.8.2-1.1` `rizin-devel >= 0.8.2-1.1`	Patchnames: openSUSE-Tumbleweed-2026-10141

SUSE Timeline for this CVE

CVE page created: Tue Feb 3 02:02:39 2026
CVE page last modified: Wed Feb 4 01:44:57 2026