Heap Buffer Overflow Vulnerability in LibreDWG Affected by Malicious DWG Files
CVE-2021-42586

8.8HIGH

Key Information:

Vendor: Gnu
Status: Libredwg
Vendor: CVE Published:; 23 May 2022

Summary

A heap buffer overflow vulnerability exists in the copy_bytes function within the decode_r2007.c file of LibreDWG. This flaw can be exploited by an attacker through the use of a specially crafted DWG file, leading to potential arbitrary code execution or system instability. Users are advised to upgrade to the latest version, 0.12.4 or later, to mitigate the risks associated with this vulnerability.

References

https://github.com/LibreDWG/libredwg/issues/350

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 23, 2022
Vulnerability Reserved
Oct 18, 2021