Vulnerabilities > CVE-2018-14524 - Double Free vulnerability in GNU Libredwg
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
dwg_decode_eed in decode.c in GNU LibreDWG before 0.6 leads to a double free (in dwg_free_eed in free.c) because it does not properly manage the obj->eed value after a free occurs.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Statements
| contributor | Reini Urban |
| lastmodified | 2018-08-13 |
| organization | libredwg |
| statement | This issue has been resolved in the latest release of libredwg-0.6. See https://savannah.gnu.org/forum/forum.php?forum_id=9211. |