MGASA-2026-0198 Updated radare2 packages fix security vulnerability

CVE-2026-40499, Command Injection via PDB Parser printgvars...

openSUSE 16 Security Update : radare2 (openSUSE-SU-2026:20653-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20653-1 advisory. Changes in radare2: - Update to version 6.1.4 bsc1262142, CVE-2026-40499: Analysis: improve autoname scoring, jmptbl detection, and performance...

Security update for radare2 (critical)

openSUSE security update: security update for radare2 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20653-1 Rating: critical References: bsc1234065 bsc1237250 bsc1238075 bsc1238451 bsc1244121 bsc1262142 Cross-References: CVE-2024-29645 CVE-2025-13...

libsdb2_4_2-6.1.4-1.1 on GA media (moderate)

libsdb242-6.1.4-1.1 on GA media Announcement ID: openSUSE-SU-2026:10555-1 Rating: moderate Cross-References: CVE-2026-40499 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

CVE-2026-40499

radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by embedding a newline byte in the PE section header name field. Attackers can craft a malicious PDB file with specially crafted...