libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a use-after-free. Reference: https://sourceforge.net/p/libemf/news/2020/05/re-release-of-libemf-1012/
Created libEMF tracking bugs for this issue: Affects: fedora-all [bug 1835794]
External References: https://sourceforge.net/p/libemf/news/2020/05/re-release-of-libemf-1012/
Statement: libEMF is a C/C++ library which provides a drawing toolkit based on ECMA-234. The general purpose of this library is to create vector graphics files on POSIX systems which can be imported into OpenOffice.org or LibreOffice. Programs compiled with libEMF output ECMA-234 graphics files locally, which can then be imported into desktop applications. Therefore, this use-after-free flaw can only be triggered via maliciously written applications compiled with libEMF.
Upstream commit: https://sourceforge.net/p/libemf/code/92/
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-11866