Use After Free Vulnerability in AUTOMGEN Product by IRAI
CVE-2011-10034

6.9 MEDIUM

Key Information:

Vendor: Irai

Status
Vendor
CVE Published: 12 November 2025

Badges

👾 Exploit Exists, 🟡 Public PoC

What is CVE-2011-10034?

The AUTOMGEN product from IRAI has a vulnerability in its project file handling mechanism. Specifically, the issue arises when certain malformed fields are processed, leading to memory management errors. An object is freed but is subsequently dereferenced due to a stale pointer. This use-after-free scenario could permit an attacker to manipulate memory, potentially enabling indirect calls through attacker-controlled data, resulting in denial-of-service disruptions. In specific cases, there is also the risk of remote code execution, heightening the severity of the threat.

Affected Version(s)

AUTOMGEN 0 <= 8.0.0.7

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Luigi Auriemma