PT-2022-21659 · Libredwg · Libredwg
Cxlzff
·
Published
2022-06-22
·
Updated
2022-06-29
·
CVE-2022-33034
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
LibreDWG version 0.12.4.4608
Description
A stack overflow issue was discovered in the function copy bytes at decode r2007.c, which can be exploited.
Recommendations
For LibreDWG version 0.12.4.4608, consider disabling the copy bytes function in decode r2007.c as a temporary workaround until a patch is available.
Exploit
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Libredwg