Vulnerabilities > CVE-2020-6611 - NULL Pointer Dereference vulnerability in multiple products

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
gnu
opensuse
CWE-476
nessus

Summary

GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c.

Vulnerable Configurations

Part Description Count
Application
Gnu
1
Application
Opensuse
1
OS
Opensuse
1

Common Weakness Enumeration (CWE)

Nessus

NASL familySuSE Local Security Checks
NASL idOPENSUSE-2020-96.NASL
descriptionThis update for libredwg fixes the following issues : libredwg was updated to release 0.10 : API breaking changes : - Added a new int *isnewp argument to all dynapi utf8text getters, if the returned string is freshly malloced or not. - removed the UNKNOWN supertype, there are only UNKNOWN_OBJ and UNKNOWN_ENT left, with common_entity_data. - renamed BLOCK_HEADER.preview_data to preview, preview_data_size to preview_size. - renamed SHAPE.shape_no to style_id. - renamed CLASS.wasazombie to is_zombie. Bugfixes : - Harmonized INDXFB with INDXF, removed extra src/in_dxfb.c. - Fixed encoding of added r2000 AUXHEADER address. - Fixed EED encoding from dwgrewrite. - Add several checks against [CVE-2020-6609, boo#1160520], [CVE-2020-6610, boo#1160522], [CVE-2020-6611, boo#1160523], [CVE-2020-6612, boo#1160524], [CVE-2020-6613, boo#1160525], [CVE-2020-6614, boo#1160526], [CVE-2020-6615, boo#1160527]
last seen2020-06-01
modified2020-06-02
plugin id133200
published2020-01-23
reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/133200
titleopenSUSE Security Update : libredwg (openSUSE-2020-96)