I would agree that any hypothetical use-after-free / double-free errors are usually also security vulnerabilities. But these ones were discovered with static analysis and/or affecting engine use, in error conditions only. Thus connectivity must already be failing / denied, before one can trip these ones up. Not sure if one can further stage an attack by staging a connection failure, and try to disclose information from that.
I would agree that any hypothetical use-after-free / double-free errors are usually also security vulnerabilities. But these ones were discovered with static analysis and/or affecting engine use, in error conditions only. Thus connectivity must already be failing / denied, before one can trip these ones up. Not sure if one can further stage an attack by staging a connection failure, and try to disclose information from that.
Will ping security team about it.