Description
AUTOMGEN versions up to and including 8.0.0.7 (also referenced as 8.022) contain a use-after-free vulnerability in project file handling: when processing certain malformed fields, the application frees an object and subsequently dereferences the stale pointer. The dangling-pointer use lets an attacker influence an indirect call through attacker-controlled memory, resulting in denial of service. Under some conditions, remote code execution may be possible.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Luigi Auriemma · text · dos · windows
https://www.exploit-db.com/exploits/17964
References (3)
Core References
Various Sources product
https://en.iraifrance.com/automgen
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/17964
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/irai-automgen-use-after-free-remote-dos
Scores
CVSS v4: 6.9 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)
EPSS: 0.0064
EPSS Percentile: 70.7%
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: no
Technical Impact: partial
Details
CWE: CWE-416
Status: published
Products (1): IRAI/AUTOMGEN < 8.0.0.7
Published: Nov 12, 2025
Tracked Since: Feb 18, 2026