### [CVE-2019-19648](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19648)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution.

### POC

#### Reference
- https://github.com/VirusTotal/yara/issues/1178
- https://github.com/VirusTotal/yara/issues/1178

#### Github
No PoCs found on GitHub currently.