Heap-Based Buffer Overflow in libredwg Affects LibreDWG Software
CVE-2021-39525

8.8HIGH

Key Information:

Vendor: Gnu
Status: Libredwg
Vendor: CVE Published:; 20 September 2021

Summary

A buffer overflow vulnerability has been identified in LibreDWG's libredwg library, specifically in the bit_read_fixed() function located within bits.c. This issue allows for a heap-based buffer overflow which can potentially lead to unauthorized data manipulation or compromise of system integrity, affecting versions before v0.10.1.3751. Users of affected versions are encouraged to update to the latest releases as a precautionary measure.

References

https://github.com/LibreDWG/libredwg/issues/261

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 20, 2021
Vulnerability Reserved
Aug 23, 2021