CVE-2024-25713 Information

Description

yyjson through 0.8.0 has a double free leading to remote code execution in some cases because the pool_free function lacks loop checks. (pool_free is part of the pool series allocator along with pool_malloc and pool_realloc.)

Reference

https://github.com/ibireme/yyjson/security/advisories/GHSA-q4m7-9pcm-fpxh