CVE 2018-19975
In YARA 3.8.1, bytecode in a specially crafted compiled rule can read data from any arbitrary address in memory, in libyara/exec.c. Specifically, OP_COUNT can read a DWORD.
See the 
CVE page on Mitre.org
for more details.
