Tags: overflow uaf 

Rating: 0

Abuese a UAF that is caused by overflowing the **1 BYTE in size** `refcount` of a book struct, get a user-controlled memory region to overlap with that struct and abuse it in the classic UAF way.