Heap Buffer Overflow in LibreDWG Software by LibreDWG
CVE-2023-36274

8.8HIGH

Key Information:

Vendor: Gnu
Status: Libredwg
Vendor: CVE Published:; 23 June 2023

What is CVE-2023-36274?

LibreDWG v0.12.5 has been identified to have a vulnerability that allows for a heap buffer overflow. This issue arises specifically in the function bit_write_TF located in the bits.c file, which could be exploited to manipulate memory inappropriately, potentially leading to unexpected application behavior or system compromise. Users of this version are advised to take action to mitigate possible risks.

References

https://github.com/LibreDWG/libredwg/issues/677#BUG2

https://github.com/LibreDWG/libredwg/commit/8651fa27dd2de...

https://github.com/LibreDWG/libredwg/blob/0.11/src/out_dx...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 23, 2023
Vulnerability Reserved
Jun 21, 2023

Gnu

What is CVE-2023-36274?

References

CVSS V3.1

Timeline