Heap Use-After-Free Vulnerability in LibreDWG Software by LibreDWG
CVE-2022-33027

7.8HIGH

Key Information:

Vendor: Gnu
Status: Libredwg
Vendor: CVE Published:; 23 June 2022

What is CVE-2022-33027?

A heap-use-after-free vulnerability was identified in LibreDWG v0.12.4.4608, specifically within the dwg_add_handleref function located in dwg.c. This flaw can potentially allow an attacker to exploit the system memory, leading to unpredictable behavior and security risks. Users are advised to review their installations and consider applying necessary mitigations.

References

https://github.com/LibreDWG/libredwg/issues/490

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 23, 2022
Vulnerability Reserved
Jun 13, 2022

Gnu

What is CVE-2022-33027?

References

CVSS V3.1

Timeline