Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/radare2@4.2.1%2Bdfsg-1?distro=sid
purl pkg:deb/debian/radare2@4.2.1%2Bdfsg-1?distro=sid
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-6s39-wdz1-yuhz radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted input. CVE-2019-19647
VCID-797x-2rdg-efbq In radare2 through 4.0, there is an integer overflow for the variable new_token_size in the function r_asm_massemble at libr/asm/asm.c. This integer overflow will result in a Use-After-Free for the buffer tokens, which can be filled with arbitrary malicious data after the free. This allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted input. CVE-2019-19590

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T13:14:42.353517+00:00 Debian Importer Fixing VCID-797x-2rdg-efbq https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:09:05.937347+00:00 Debian Importer Fixing VCID-6s39-wdz1-yuhz https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T09:07:12.623952+00:00 Debian Importer Fixing VCID-797x-2rdg-efbq https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:07:37.860741+00:00 Debian Importer Fixing VCID-6s39-wdz1-yuhz https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:51:41.041110+00:00 Debian Importer Fixing VCID-6s39-wdz1-yuhz https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:51:41.016348+00:00 Debian Importer Fixing VCID-797x-2rdg-efbq https://security-tracker.debian.org/tracker/data/json 38.1.0