Description
VCFTools vcftools prior to version 0.1.15 is affected by: Use-after-free. The impact is: Denial of Service or possibly other impact (eg. code execution or information disclosure). The component is: The header::add_FILTER_descriptor method in header.cpp. The attack vector is: The victim must open a specially crafted VCF file.
References (2)
Core 2
Core References
Issue Tracking x_refsource_confirm
https://github.com/vcftools/vcftools/issues/141
Exploit, Third Party Advisory x_refsource_misc
https://docs.google.com/document/d/e/2PACX-1vQJveVcGMp_NMdBY5Je2K2k63RoCYznvKjJk5u1wJRmLotvwQkG5qiqZjpABcOkjzj49wkwGweiFwrc/pub
Scores
CVSS v3
7.8
EPSS
0.0164
EPSS Percentile
73.5%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (1)
vcftools_project/vcftools
< 0.1.15
Published
Jul 25, 2019
Tracked Since
Feb 18, 2026