Heap Buffer Overflow in LibreDWG Affects LibreDWG v0.12.5
CVE-2023-36273

8.8HIGH

Key Information:

Vendor: Gnu
Status: Libredwg
Vendor: CVE Published:; 23 June 2023

What is CVE-2023-36273?

LibreDWG v0.12.5 contains a vulnerability that allows attackers to exploit a heap buffer overflow through the function bit_calc_CRC in the bits.c source file. This flaw can potentially lead to arbitrary code execution, making it crucial for users to update to the latest version to mitigate risks associated with this vulnerability.

References

https://github.com/LibreDWG/libredwg/issues/677#BUG1

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 23, 2023
Vulnerability Reserved
Jun 21, 2023

Gnu

What is CVE-2023-36273?

References

CVSS V3.1

Timeline