CVE-2026-14789

Publication date 6 July 2026

Last updated 6 July 2026


Ubuntu priority

Cvss 3 Severity Score

3.3 · Low

Score breakdown

Description

A vulnerability was detected in radareorg radare2 up to 6.1.6. Affected by this issue is some unknown functionality of the file libr/bin/format/mdmp/mdmp.c of the component Memory64ListStream Parser. Performing a manipulation results in stack-based buffer overflow. The attack requires a local approach. The exploit is now public and may be used. The patch is named 175d4addb68981331c85b10681c2161c38fb5762. It is suggested to install a patch to address this issue.

Status

Package Ubuntu Release Status
radare2 26.04 LTS resolute
Needs evaluation
25.10 questing
Needs evaluation
24.04 LTS noble
Needs evaluation
22.04 LTS jammy Not in release
20.04 LTS focal
Needs evaluation
18.04 LTS bionic
Needs evaluation

Severity score breakdown

CVSS version:

Base score 1.9 · Low

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Base score 3.3 · Low

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L


Access our resources on patching vulnerabilities