PT-2019-16050 · Gnu+1 · Gnu Libredwg+1

Linhlhq

Published

2019-12-27

Updated

2020-08-24

CVE-2019-20015

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions GNU LibreDWG version 0.92

Description An issue was discovered where crafted input leads to an attempted excessive memory allocation in the dwg decode LWPOLYLINE private function within dwg.spec.

Recommendations For GNU LibreDWG version 0.92, at the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770

Related Identifiers

CVE-2019-20015

OPENSUSE-SU-2020:0068-1

OPENSUSE-SU-2020:0095-1

OPENSUSE-SU-2020_0068-1

Affected Products

Gnu Libredwg

Suse

PT-2019-16050 · Gnu+1 · Gnu Libredwg+1

CVE-2019-20015

Weakness Enumeration

Related Identifiers

Affected Products

References · 45