Vulnerability Details CVE-2019-1010127
VCFTools vcftools prior to version 0.1.15 is affected by: Use-after-free. The impact is: Denial of Service or possibly other impact (eg. code execution or information disclosure). The component is: The header::add_FILTER_descriptor method in header.cpp. The attack vector is: The victim must open a specially crafted VCF file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.3%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
References
- https://docs.google.com/document/d/e/2PACX-1vQJveVcGMp_NMdBY5Je2K2k63RoCYznvKjJk5u1wJRmLotvwQkG5qiqZjpABcOkjzj49wkwGweiFwrc/pub
- https://github.com/vcftools/vcftools/issues/141
- https://docs.google.com/document/d/e/2PACX-1vQJveVcGMp_NMdBY5Je2K2k63RoCYznvKjJk5u1wJRmLotvwQkG5qiqZjpABcOkjzj49wkwGweiFwrc/pub
- https://github.com/vcftools/vcftools/issues/141
Products affected by CVE-2019-1010127
-
cpe:2.3:a:vcftools_project:vcftools:0.1.13
-
cpe:2.3:a:vcftools_project:vcftools:0.1.14