Vulnerabilities > CVE-2020-23861 - Out-of-bounds Write vulnerability in GNU Libredwg 0.10.1

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

gnu

CWE-787

NVD

Published: 2021-05-18

Updated: 2021-05-24

Summary

A heap-based buffer overflow vulnerability exists in LibreDWG 0.10.1 via the read_system_page function at libredwg-0.10.1/src/decode_r2007.c:666:5, which causes a denial of service by submitting a dwg file.

Vulnerable Configurations

Part	Description	Count
Application	Gnu GNU Libredwg 0.10.1	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/LibreDWG/libredwg/issues/248