A use-after-free issue was found in the SLiRP networking implementation of the QEMU emulator. The issue occurs in ip_reass routine while reassembling incoming packets, if the first fragment is bigger than the m-