CVE-2017-1000172

Name of the Vulnerable Software and Affected Versions Creolabs Gravity version 1.0

Description The issue is related to a Use-After-Free condition, which can lead to possible code execution. Specifically, it is a Heap-Use-After-Free that occurs after the 'sublexer' pointer has been freed. In the gravity lexer.c file, at line 542, the lexer is being used to access a variable, but the lexer has already been freed, creating a Heap Use-After-Free condition.

Recommendations For Creolabs Gravity version 1.0, as a temporary workaround, consider restricting access to the lexer variable after it has been freed to minimize the risk of exploitation. However, at the moment, there is no information about a newer version that contains a fix for this vulnerability.