Heap Use-After-Free Vulnerability in LibreDWG by LibreDWG
CVE-2022-35164

9.8CRITICAL

Key Information:

Vendor: Gnu
Status: Libredwg
Vendor: CVE Published:; 18 August 2022

What is CVE-2022-35164?

A heap use-after-free vulnerability was identified in LibreDWG, allowing potential exploitation through improper memory management within the function bit_copy_chain. This security flaw could lead to unexpected behavior or crashes when processing certain input, posing risks to the integrity and availability of the software. Users are advised to review the issue and apply necessary updates.

References

https://github.com/LibreDWG/libredwg/issues/497

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 18, 2022
Vulnerability Reserved
Jul 4, 2022

Gnu

What is CVE-2022-35164?

References

CVSS V3.1

Timeline