{"id":"CVE-2017-7946","details":"The get_relocs_64 function in libr/bin/format/mach0/mach0.c in radare2 1.3.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted Mach0 file.","modified":"2026-04-11T04:59:31.071203Z","published":"2017-04-18T20:59:00.200Z","references":[{"type":"FIX","url":"https://github.com/radare/radare2/commit/d1e8ac62c6d978d4662f69116e30230d43033c92"},{"type":"FIX","url":"https://github.com/radare/radare2/issues/7301"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/radare/radare2","events":[{"introduced":"0"},{"last_affected":"7b31601631810b1d84fb8568b94b9f7c887f9def"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.3.0"}]}},{"type":"GIT","repo":"https://github.com/radareorg/radare2","events":[{"introduced":"0"},{"fixed":"d1e8ac62c6d978d4662f69116e30230d43033c92"}]}],"versions":["0.10.0","0.10.1","0.10.2","0.10.3","0.10.4","0.10.4-termux4","0.10.5","0.10.6","0.8.6","0.8.8","0.9","0.9.2","0.9.4","0.9.6","0.9.7","0.9.8","0.9.8-rc1","0.9.8-rc2","0.9.8-rc3","0.9.8-rc4","0.9.9","1.0","1.0.0","1.0.1","1.0.2","1.1.0","1.2.0","1.2.0-git","1.3.0","1.3.0-git","radare2-windows-nightly","termux"],"database_specific":{"vanir_signatures":[{"id":"CVE-2017-7946-6db834f8","target":{"file":"libr/bin/format/mach0/mach0.c"},"source":"https://github.com/radareorg/radare2/commit/d1e8ac62c6d978d4662f69116e30230d43033c92","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["98087576193451517254033009895863813932","156682621656861689712753278960972319317","311907311112858534218515060603363333282","86392897736965051032351701253889902332","130489916282176589233204413413344072131","261029230745379985370481266318482211064","234991063195063353878551881272722870713","15370847212929908108059839829750314191","64953988289932740180252958676324845057","186270764205321295169116511077305280836","319001382481972198118714838998113208765","6744721957145300683637673405069409391","248589380602903816361843021442705647388","199765085531405694240174614080179360363","245320198767001255825359188488936938565","24325967151837186896959716084014607005","48241428568036213651325965233675715655","168755743906117612496238921656172354141","207299675690229620755373945575790823204","195680416448814575417600619791595348479","49421494328161831833549175964374182729","292022493742678836492120119317608949193","198609181230818130589749040564209393166","119942582475931940707018382170372563280","121677015275586545787599743225714170954","96992730358133552052599986571630255021","236099622371405643478346891215235260802","290066655185419546775292642239791135968","13639072684563853840919788312464069593","325757151293788731501332940570898845198","65425911270442413982859472028159991603","302863787817559213656160091321382815691","37607146773508945089332727730284956790","269009730338486873512359112289157709156","181389910919497232503018782014732794561","180762845020080210111685784929538423427","226480434980450432219882095586169819890","234674345815971709113314645159199181123","40859217232836180695541374174287756793","204710573597719709077113466888108348018","64002781100792433178625369119882966532","322926518559432560585013436644696253899","247125989461681284532145555096923086623","206741661628945976475547372116079402592","263496835859694169469288726587752843262","57535966147220152662450295192842776796","300556014669763563788209478285986388193","277770437203855892055200486866855004107","294043414484958547903729663731639664138","305122710814305375133040567708762747959","216937690439282717031075644713925482838","339112755734916764052624512076535798543","244495609117234889078340842553837833765","251431398894069986931603623836941543203","293940910065671516069332013317743602446","109824311113427758989962870051509272940","129090280501942518851618682250189591938","212014944418121142373814174229237264520","84505957859018690618041890303964158802","80538072416316548435875679839286014592","333658886226728241904367398137345671657","29204589880798460851252259512487461197","316083271324117631488934355979962030439","194938367413467659255778015279107272992","229121341758720772750109511672853205305","277632265184199955441422228007353692410","29763533097287378157372674835225814895","59667308214633689975558291721276104573","2804862173105609852397612510972977269","131435202265752013984338608716131080798","232493858867750610925386919624021281297","176624094016185031341241287352943913912","229133399720245676904872241979312545308","311809343752647125310793130766885828966"]},"signature_type":"Line","deprecated":false}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7946.json","vanir_signatures_modified":"2026-04-11T04:59:31Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}