CVE-2018-14443 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Libredwg

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.7%
top 27.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Libredwg
Timeline
PublishedJul 20
Latest updateMay 14

Description

get_first_owned_object in dwg.c in GNU LibreDWG 0.5.1036 allows remote attackers to cause a denial of service (SEGV).

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

â–¶NVDgnu/libredwg< 0.6

🔴Vulnerability Details

2
GHSA
GHSA-3m98-vjp3-3fhm: get_first_owned_object in dwg↗2022-05-14
â–¶
CVEList
CVE-2018-14443: get_first_owned_object in dwg↗2018-07-20
â–¶

💬Community

1
Bugzilla
CVE-2018-7419 wireshark: NBAP dissector crash in nbap.cnf↗2018-02-26
â–¶
CVE-2018-14443 — GNU Libredwg vulnerability | cvebase