Heap Use-After-Free Vulnerability in LibreDWG Affected by Function Flaw
CVE-2022-33025

7.8HIGH

Key Information:

Vendor: Gnu
Status: Libredwg
Vendor: CVE Published:; 23 June 2022

What is CVE-2022-33025?

A heap-use-after-free vulnerability has been identified in LibreDWG version 0.12.4.4608. This issue arises from a flaw in the function decode_preR13_section located in the decode_r11.c file. If exploited, this vulnerability could allow an attacker to manipulate memory in a way that could lead to unexpected behaviors or system crashes, posing a risk to the integrity of systems utilizing this software.

References

https://github.com/LibreDWG/libredwg/issues/487

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 23, 2022
Vulnerability Reserved
Jun 13, 2022

Gnu

What is CVE-2022-33025?

References

CVSS V3.1

Timeline