E18-5igq1
CVSS:
7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
False Positive:
f
Variants:
8
Year:
2018
Description
This strike exploits a heap use-after-free vulnerability in VCFTools program package.
The vulnerability is due to inexistent validation of 'FORMAT' input contained within the VCF file to be analyzed.
An attacker could potentially run arbitrary code or possibly have unspecified other impact on the target system by enticing a user to analyze a maliciously crafted VCF file.