A heap-based buffer overflow in the libexe_io_handle_read_coff_optional_header function of libyal libexe before 20181128 allows attackers to execute arbitrary code.