CVE-2018-1000667

Name of the Vulnerable Software and Affected Versions NASM versions 2.14rc15 and earlier

Description The issue is related to a memory corruption that occurs when handling a crafted file, specifically due to the function assemble file(inname, depend ptr) at asm/nasm.c:482. This can result in the NASM program crashing. The attack appears to be exploitable via a specially crafted asm file.

Recommendations For NASM versions 2.14rc15 and earlier, consider avoiding the use of the assemble file(inname, depend ptr) function until a patch is available. As a temporary workaround, restrict the handling of crafted asm files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.