Heap-Based Buffer Overflow Vulnerability in GNU LibreDWG
CVE-2023-25222

8.8HIGH

Key Information:

Vendor: Gnu
Status: Libredwg
Vendor: CVE Published:; 1 March 2023

What is CVE-2023-25222?

A heap-based buffer overflow vulnerability has been identified in GNU LibreDWG version 0.12.5, specifically within the bit_read_RC function found in bits.c. This vulnerability could allow an attacker to execute arbitrary code or cause a denial of service, potentially compromising the security and integrity of affected systems. It is crucial for users of GNU LibreDWG to apply the necessary patches or updates to mitigate the risk associated with this vulnerability.

References

https://github.com/LibreDWG/libredwg/issues/615

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 1, 2023
Vulnerability Reserved
Feb 6, 2023

Gnu

What is CVE-2023-25222?

References

CVSS V3.1

Timeline