https://bugzilla.redhat.com/show_bug.cgi?id=1663908
Bug ID: 1663908 Summary: CVE-2018-20538 nasm: Use-after-free at asm/preproc.c resulting in a denial of service Product: Security Response Hardware: All OS: Linux Status: NEW Whiteboard: impact=low,public=20181118,reported=20181228,source=cv e,cvss3=3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A :L,cwe=CWE-416,fedora-all/nasm=affected,rhel-5/nasm=ne w,rhel-6/nasm=new,rhel-7/nasm=new,rhel-8/nasm=new Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team@redhat.com Reporter: anemec@redhat.com CC: dominik@greysector.net, java-sig-commits@lists.fedoraproject.org, mizdebsk@redhat.com, nickc@redhat.com Target Milestone: --- Classification: Other
A use-after-free vulnerability was found in nasm. A specially crafted file could cause the application to crash.
Upstream issue:
https://bugzilla.nasm.us/show_bug.cgi?id=3392531