Home

Description

The application contains a use-after-free vulnerability that can be exploited to cause memory corruption while parsing specially crafted files. This could allow an attacker to execute arbitrary code in the context of the current process.

PUBLISHED Reserved 2026-06-03 | Published 2026-07-07 | Updated 2026-07-08 | Assigner icscert




HIGH: 8.4CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Problem types

CWE-416 Use after free

Product status

Default status
unaffected

9.1_SP4_Build-42914
affected

Credits

Michael Heinzl reported these vulnerabilities to CISA. finder

References

www.cisa.gov/news-events/ics-advisories/icsa-26-188-06 government-resource

cve.org (CVE-2026-42958)

nvd.nist.gov (CVE-2026-42958)

Download JSON