Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input. https://nvd.nist.gov/vuln/detail/CVE-2018-19214