CVE-2026-52759
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk2th percentile — higher than 2% of all known CVEs
Summary
Ghidra before 12.1.1 contains an uncontrolled memory allocation vulnerability in the Mach-O binary parser that allows attackers to cause denial of service. An attacker can supply a crafted Mach-O binary with an arbitrarily large ncmds load command count value, forcing the parser to allocate excessive heap memory without validating file size, crashing the Ghidra JVM.
Risk Assessment
This vulnerability may lead to Ghidra system crashes, potentially disrupting organizational operations and hindering binary analysis.
Recommendation
It is recommended to update Ghidra to version 12.1.1 or later to mitigate this vulnerability and to monitor the system for unauthorized attempts to deliver malicious files.
Original NVD description (English source)
Ghidra before 12.1.1 contains an uncontrolled memory allocation vulnerability in the Mach-O binary parser that allows attackers to cause denial of service. An attacker can supply a crafted Mach-O binary with an arbitrarily large ncmds load command count value, forcing the parser to allocate excessive heap memory without validating file size, crashing the Ghidra JVM.

