Heap-Buffer Overflow in LibreDWG Affects Your Data Security
CVE-2021-28237

9.8CRITICAL

Key Information:

Vendor: Gnu
Status: Libredwg
Vendor: CVE Published:; 2 December 2021

What is CVE-2021-28237?

LibreDWG version 0.12.3 is susceptible to a heap-buffer overflow vulnerability that occurs during the decode_preR13 function. This vulnerability can potentially lead to unexpected behavior, including data corruption or unauthorized access to system memory. Users of affected versions are advised to monitor their systems closely and apply relevant patches to mitigate the risks associated with this security flaw.

References

https://github.com/LibreDWG/libredwg/issues/325

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 2, 2021
Vulnerability Reserved
Mar 12, 2021

Gnu

What is CVE-2021-28237?

References

CVSS V3.1

Timeline