Opening a specially crafted file could cause the affected product to fail to release its memory reference potentially resulting in arbitrary code execution.
Credits
xina1i, working with Trend Micro’s Zero Day Initiative, reported this vulnerability to CISA.
