libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c.
https://www.debian.org/security/2020/dsa-4616
https://usn.ubuntu.com/4191-2/
https://usn.ubuntu.com/4191-1/
https://seclists.org/bugtraq/2020/Feb/0
https://lists.debian.org/debian-lts-announce/2019/09/msg00021.html
https://gitlab.freedesktop.org/slirp/libslirp/commit/c5927943
https://access.redhat.com/errata/RHSA-2020:0775
http://www.openwall.com/lists/oss-security/2019/09/06/3
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00034.html