In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file. https://nvd.nist.gov/vuln/detail/CVE-2018-20623