Candidate: CVE-2019-1010127
PublicDate: 2019-07-25 19:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010127
 https://docs.google.com/document/d/e/2PACX-1vQJveVcGMp_NMdBY5Je2K2k63RoCYznvKjJk5u1wJRmLotvwQkG5qiqZjpABcOkjzj49wkwGweiFwrc/pub
Description:
 VCFTools vcftools prior to version 0.1.15 is affected by: Use-after-free.
 The impact is: Denial of Service or possibly other impact (eg. code
 execution or information disclosure). The component is: The
 header::add_FILTER_descriptor method in header.cpp. The attack vector is:
 The victim must open a specially crafted VCF file.
Ubuntu-Description:
 It was discovered that VCFtools improperly handled memory
 allocation/deallocation, resulting in a use-after-free vulnerability. If a
 victim were tricked into opening a specially crafted VCF File, an attacker
 could cause VCFtools to leak sensitive information or possibly execute
 arbitrary code.
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]


Patches_vcftools:
upstream_vcftools: needs-triage
precise/esm_vcftools: DNE
trusty_vcftools: ignored (out of standard support)
trusty/esm_vcftools: needed
xenial_vcftools: ignored (end of standard support, was needs-triage)
bionic_vcftools: needed
disco_vcftools: not-affected (0.1.16-1)
eoan_vcftools: not-affected (0.1.16-1)
focal_vcftools: not-affected (0.1.16-1)
groovy_vcftools: not-affected (0.1.16-1)
hirsute_vcftools: not-affected (0.1.16-1)
impish_vcftools: not-affected (0.1.16-1)
jammy_vcftools: not-affected (0.1.16-1)
devel_vcftools: not-affected (0.1.16-1)