It was reported that offsets contained in cache files aren"t checked if they"re in legal ranges or are pointers at all. The lack of validation allows an attacker to trigger arbitrary free calls, which in turn allows double free attacks and therefore arbitrary code execution. When used with setuid binaries using crafted cache files, privilege escalation is possible..