CVE-2023-26157

Опубликовано: 02 янв. 2024

Источник: nvd

CVSS3: 5.5

CVSS3: 7.5

EPSS Низкий

Описание

Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c.

Ссылки

https://github.com/LibreDWG/libredwg/commit/c8cf03ce4c2315b146caf582ea061c0460193bcc
Patch
https://github.com/LibreDWG/libredwg/issues/850
Exploit
Issue Tracking
Patch
https://security.snyk.io/vuln/SNYK-UNMANAGED-LIBREDWG-6070730
Third Party Advisory
https://github.com/LibreDWG/libredwg/commit/c8cf03ce4c2315b146caf582ea061c0460193bcc
Patch
https://github.com/LibreDWG/libredwg/issues/850
Exploit
Issue Tracking
Patch
https://security.snyk.io/vuln/SNYK-UNMANAGED-LIBREDWG-6070730
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gnu:libredwg:*:*:*:*:*:*:*:*

Версия до 0.12.5.6384 (исключая)

EPSS

Процентиль: 13%

0.00043

Низкий

5.5 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-400

CWE-125

Связанные уязвимости

CVE-2023-26157

CVSS3: 5.5

debian

около 2 лет назад

Versions of the package libredwg before 0.12.5.6384 are vulnerable to ...

openSUSE-SU-2024:0147-1

suse-cvrf

больше 1 года назад

Security update for libredwg

GHSA-5rxp-9658-h93v

CVSS3: 5.5

github

около 2 лет назад

Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c.

EPSS

Процентиль: 13%

0.00043

Низкий

5.5 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-400

CWE-125