There is a heap out of bounds read in radare2 2.6.0 in java_switch_op in libr/anal/p/anal_java.c via a crafted Java binary file.