CVE-2019-1010127

HIGH

VCFTools vcftools <0.1.15 - Use-after-free

Title source: llm
STIX 2.1

Description

VCFTools vcftools prior to version 0.1.15 is affected by: Use-after-free. The impact is: Denial of Service or possibly other impact (eg. code execution or information disclosure). The component is: The header::add_FILTER_descriptor method in header.cpp. The attack vector is: The victim must open a specially crafted VCF file.

References (2)

Core 2

Scores

CVSS v3 7.8
EPSS 0.0164
EPSS Percentile 73.5%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (1)
vcftools_project/vcftools < 0.1.15
Published Jul 25, 2019
Tracked Since Feb 18, 2026