source: https://www.securityfocus.com/bid/6650/info

CVS is prone to a double free vulnerability in the Directory requests. An attacker may potentially take advantage of this issue to cause heap memory to be corrupted with attacker-supplied values, which may result in execution of arbitrary code.

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/22187.tar.gz