Heap Buffer Overflow in LibreDWG Software by LibreDWG
CVE-2023-36274

8.8HIGH

Key Information:

Vendor: Gnu
Status: Libredwg
Vendor: CVE Published:; 23 June 2023

What is CVE-2023-36274?

LibreDWG v0.12.5 has been identified to have a vulnerability that allows for a heap buffer overflow. This issue arises specifically in the function bit_write_TF located in the bits.c file, which could be exploited to manipulate memory inappropriately, potentially leading to unexpected application behavior or system compromise. Users of this version are advised to take action to mitigate possible risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/LibreDWG/libredwg/issues/677#BUG2

https://github.com/LibreDWG/libredwg/commit/8651fa27dd2de...

https://github.com/LibreDWG/libredwg/blob/0.11/src/out_dx...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 23, 2023
Vulnerability Reserved
Jun 21, 2023

JSON

Gnu

What is CVE-2023-36274?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.