CVE-2018-14015

The sdbsetinternal function in sdb.c in radare2 2.7.0 allows remote attackers to cause a denial of service invalid read and application crash via a crafted ELF file because of missing input validation in rbindwarfparsecompunit in libr/bin/dwarf.c...

CVE-2017-16805

In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service invalid read and application crash via a crafted ELF file, related to rbindwarfparsecompunit in dwarf.c and sdbsetinternal in shlr/sdb/src/sdb.c...