Ardour v5.12 contains a use-after-free vulnerability in the component ardour/libs/pbd/xml++.cc when using xmlFreeDoc and xmlXPathFreeContext.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22617
Reference (s):
- https://github.com/Ardour/ardour/commit/96daa4036a
- https://tracker.ardour.org/view.php?id=7926