Stack Overflow Vulnerability in LibreDWG by LibreDWG
CVE-2022-33034

7.8HIGH

Key Information:

Vendor: Gnu
Status: Libredwg
Vendor: CVE Published:; 22 June 2022

Summary

A stack overflow vulnerability has been identified in LibreDWG v0.12.4.4608. This issue occurs within the 'copy_bytes' function located in decode_r2007.c, allowing attackers to potentially exploit the flaw for arbitrary code execution and affect the stability of the application. As such, it's critical for users to seek updates and ensure their installations are secure.

References

https://github.com/LibreDWG/libredwg/issues/494

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 22, 2022
Vulnerability Reserved
Jun 13, 2022