CVE-2026-6068
CriticalSummary
NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory is stored in the global depend_file and later dereferenced. The response-file buffer is freed before the pointer is used, allowing for data corruption or remote code execution.
Risk Assessment
This vulnerability can lead to serious consequences such as data corruption or remote code execution, posing a threat to the integrity and security of the system.
Recommendation
It is recommended to update NASM to the latest version to mitigate this vulnerability and conduct a code audit to identify and fix similar issues.
Original NVD description (English source)
NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory is stored in the global depend_file and later dereferenced, as the response-file buffer is freed before the pointer is used, allowing for data corruption or remote code execution.

