CVE-2018-14524

Опубликовано: 23 июл. 2018

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

dwg_decode_eed in decode.c in GNU LibreDWG before 0.6 leads to a double free (in dwg_free_eed in free.c) because it does not properly manage the obj->eed value after a free occurs.

Ссылки

https://github.com/LibreDWG/libredwg/issues/33
Issue Tracking
Third Party Advisory
https://savannah.gnu.org/forum/forum.php?forum_id=9211
Patch
Release Notes
https://github.com/LibreDWG/libredwg/issues/33
Issue Tracking
Third Party Advisory
https://savannah.gnu.org/forum/forum.php?forum_id=9211
Patch
Release Notes

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gnu:libredwg:*:*:*:*:*:*:*:*

Версия до 0.6 (исключая)

EPSS

Процентиль: 47%

0.00238

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-415

Связанные уязвимости

CVE-2018-14524

CVSS3: 6.5

debian

больше 7 лет назад

dwg_decode_eed in decode.c in GNU LibreDWG before 0.6 leads to a doubl ...

GHSA-8p82-m269-wg8g

CVSS3: 6.5

github

больше 3 лет назад

dwg_decode_eed in decode.c in GNU LibreDWG before 0.6 leads to a double free (in dwg_free_eed in free.c) because it does not properly manage the obj->eed value after a free occurs.

EPSS

Процентиль: 47%

0.00238

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-415