PT-2022-21652 · Libredwg · Libredwg

Cxlzff

Published

2022-06-22

Updated

2022-06-29

CVE-2022-33024

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions libredwg version 0.12.4.4608

Description The issue is related to an assertion failure in the decode preR13 entities function, which occurs at line 5801 in the decode.c file of libredwg. This failure happens when the dwg2dxf function is called.

Recommendations For libredwg version 0.12.4.4608, consider disabling the decode preR13 entities function as a temporary workaround until a patch is available. Restrict access to the affected decode.c file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Assertion Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-617

Related Identifiers

CVE-2022-33024

Affected Products

Libredwg

PT-2022-21652 · Libredwg · Libredwg

CVE-2022-33024

Weakness Enumeration

Related Identifiers

Affected Products

References · 4