Denial of Service Vulnerability in LibreDWG Library
CVE-2023-26157

5.5MEDIUM

Key Information:

Vendor: Gnu
Status: Libredwg
Vendor: CVE Published:; 2 January 2024

Summary

A vulnerability exists in the LibreDWG library that can lead to Denial of Service due to an out-of-bounds read condition found in the decode_r2007.c file. This flaw can result in unintended behavior, potentially causing service disruptions when users attempt to process certain types of data. It is essential for users of the affected versions to apply the necessary patches and updates to mitigate any risks associated with this vulnerability.

Affected Version(s)

libredwg 0 < 0.12.5.6384

References

https://security.snyk.io/vuln/SNYK-UNMANAGED-LIBREDWG-607...

https://github.com/LibreDWG/libredwg/commit/c8cf03ce4c231...

https://github.com/LibreDWG/libredwg/issues/850

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 2, 2024
Vulnerability Reserved
Feb 20, 2023

Credit

Eugene Lim