
Junrong

#30897 of 53,630
8.4 Total CVSS
Vulnerabilities · 1
PT-2026-33002
8.4
2026-04-15
Radare2 · Radare2 · CVE-2026-40499
**Name of the Vulnerable Software and Affected Versions**

radare2 versions prior to 6.1.4

**Description**

A command injection issue exists in the PDB parser's `print_gvars()` function. An attacker can execute arbitrary commands by embedding a newline byte in the PE section header name field. This is achieved by crafting a malicious PDB file with specific section names that inject r2 commands, which are then executed when the `idp` command processes the file.

**Recommendations**

Update to version 6.1.4 or later. As a temporary workaround, avoid using the `idp` command to process untrusted PDB files.
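The class of check that closes this kind of bug, as an added example that is not radare2's code or its 6.1.4 fix: treat the 8-byte section name field as untrusted, fixed-width data and neutralize newline and other unsafe bytes before the name is placed in text that is later parsed as commands. The function names and the metacharacter denylist are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define SECTION_NAME_LEN 8 /* width of the Name field in a PE/COFF section header */

/* Return 1 if the byte may appear in text that is later parsed as commands. */
static int is_safe_name_byte(unsigned char c) {
    if (c < 0x21 || c > 0x7e) {
        return 0; /* control bytes (including \n and \r), space, non-ASCII */
    }
    /* Assumption: conservative denylist of separator and quoting characters. */
    return strchr(";|`\"'@#$<>\\", c) == NULL;
}

/*
 * Copy the fixed-width, possibly unterminated name field into out, replacing
 * every unsafe byte with '_'. out must hold at least SECTION_NAME_LEN + 1 bytes.
 * Returns the number of replaced bytes (non-zero means the file is suspicious
 * and can be logged or refused), or -1 on bad arguments.
 */
int sanitize_section_name(const unsigned char field[SECTION_NAME_LEN],
                          char *out, size_t out_len) {
    int replaced = 0;
    size_t i;

    if (!field || !out || out_len < SECTION_NAME_LEN + 1) {
        return -1;
    }
    /* Stop at the first NUL or after 8 bytes: the field need not be terminated. */
    for (i = 0; i < SECTION_NAME_LEN && field[i] != '\0'; i++) {
        if (is_safe_name_byte(field[i])) {
            out[i] = (char)field[i];
        } else {
            out[i] = '_';
            replaced++;
        }
    }
    out[i] = '\0';
    return replaced;
}
```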