Wargio

A double free vulnerability exists in librz/bin/format/le/le.c in the function le load fixup record(). When processing malformed or circular LE fixup chains, relocation entries may be freed multiple times during error handling. A specially crafted LE binary can trigger heap corruption and cause the application to crash, resulting in a denial-of-service condition. An attacker with a crafted binary could cause a denial of service when the tool is integrated on a service pipeline.

**Name of the Vulnerable Software and Affected Versions** rizin versions prior to v0.6.3 **Description** The issue is related to Uncontrolled Resource Consumption. It affects the `bin pe parse imports`, `Pe r bin pe parse var`, and `estimate slide` functions. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For versions prior to v0.6.3, update to version v0.6.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `bin pe parse imports`, `Pe r bin pe parse var`, and `estimate slide` functions until a patch is available.