Vulnerabilities > CVE-2020-6611 - NULL Pointer Dereference vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| Application | 1 | |
| OS | 1 |
Common Weakness Enumeration (CWE)
Nessus
| NASL family | SuSE Local Security Checks |
| NASL id | OPENSUSE-2020-96.NASL |
| description | This update for libredwg fixes the following issues : libredwg was updated to release 0.10 : API breaking changes : - Added a new int *isnewp argument to all dynapi utf8text getters, if the returned string is freshly malloced or not. - removed the UNKNOWN supertype, there are only UNKNOWN_OBJ and UNKNOWN_ENT left, with common_entity_data. - renamed BLOCK_HEADER.preview_data to preview, preview_data_size to preview_size. - renamed SHAPE.shape_no to style_id. - renamed CLASS.wasazombie to is_zombie. Bugfixes : - Harmonized INDXFB with INDXF, removed extra src/in_dxfb.c. - Fixed encoding of added r2000 AUXHEADER address. - Fixed EED encoding from dwgrewrite. - Add several checks against [CVE-2020-6609, boo#1160520], [CVE-2020-6610, boo#1160522], [CVE-2020-6611, boo#1160523], [CVE-2020-6612, boo#1160524], [CVE-2020-6613, boo#1160525], [CVE-2020-6614, boo#1160526], [CVE-2020-6615, boo#1160527] |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 133200 |
| published | 2020-01-23 |
| reporter | This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/133200 |
| title | openSUSE Security Update : libredwg (openSUSE-2020-96) |