ASLR randomizes the base addresses of memory segments like the stack and shared libraries on every execution. To defeat it an information leak vulnerability is usually required to read a valid memory address at runtime. Since ASLR only shifts the memory regions as a whole, the relative offsets between functions remain constant. By leaking a single pointer the base address can be calculated, which allows computing the exact runtime location of the target function or ROP gadgets.