tcprewrite in tcpreplay v4.4.4 and v.4.4.3 has a double free in function tcpedit_dlt_cleanup in plugins/dlt_plugins.c. It can be triggered by sending a crafted file to the tcprewrite binary. It allows a local attacker to cause Denial of Service or possibly have unspecified other impact. https://github.com/appneta/tcpreplay/issues/813
Created tcpreplay tracking bugs for this issue: Affects: epel-all [bug 2255213] Affects: fedora-all [bug 2255214]
Asked questions in the upstream bug, to see what the problem could actually be here. Cursory look would suggest that perhaps pointers to allocated memory areas are duplicated in two different structures and setting a copy to NULL does not change the original, which then gets freed again. But, just a theory at this point.