CVE Catalog

CVE-2026-6068

Critical
Published: Translated: NVD NIST

Summary

NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory is stored in the global depend_file and later dereferenced. The response-file buffer is freed before the pointer is used, allowing for data corruption or remote code execution.

Risk Assessment

This vulnerability can lead to serious consequences such as data corruption or remote code execution, posing a threat to the integrity and security of the system.

Recommendation

It is recommended to update NASM to the latest version to mitigate this vulnerability and conduct a code audit to identify and fix similar issues.

Original NVD description (English source)

NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory is stored in the global depend_file and later dereferenced, as the response-file buffer is freed before the pointer is used, allowing for data corruption or remote code execution.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS