Double-Free Vulnerability in LibreDWG by LibreDWG
CVE-2022-33033

7.8HIGH

Key Information:

Vendor: Gnu
Status: Libredwg
Vendor: CVE Published:; 23 June 2022

What is CVE-2022-33033?

LibreDWG v0.12.4.4608 has been identified to have a double-free vulnerability within the dwg_read_file function in dwg.c. This flaw may allow attackers to manipulate memory management, leading to unexpected behaviors or potential exploitation of the application. It is crucial for users to remain vigilant and update to the patched versions to mitigate any associated risks.

References

https://github.com/LibreDWG/libredwg/issues/493

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 23, 2022
Vulnerability Reserved
Jun 13, 2022

Gnu

What is CVE-2022-33033?

References

CVSS V3.1

Timeline