libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. CREATE(Triage):(User=admin) [CVE-2019-15890|https://nvd.nist.gov/vuln/detail/CVE-2019-15890]