Alsoprach

**Name of the Vulnerable Software and Affected Versions** yyjson versions 0.8.0 and earlier **Description** The issue is related to a double free vulnerability in the pool series allocator, specifically due to the lack of loop checks in the `pool free` function. This can lead to remote code execution in some cases. The vulnerability is caused by the `pool free` function not performing pointer destruction, resulting in Use-After-Free (UAF) vulnerabilities. Arbitrary address writing, combined with other legitimate or illegitimate operations of programs using this library, can lead to remote code execution. **Recommendations** For yyjson versions 0.8.0 and earlier, consider applying the defensive patch provided by the developer, which will cause the program to crash immediately if `yyjson mut doc free()` is called twice on the same doc, alerting to the incorrect usage. As a temporary workaround, ensure that `yyjson mut doc free()` is not called multiple times on the same document to prevent the double free vulnerability.