CVE-2018-14524Double Free in Libredwg

CWE-415Double Free3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 53.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Libredwg
Timeline
PublishedJul 23
Latest updateMay 14

Description

dwg_decode_eed in decode.c in GNU LibreDWG before 0.6 leads to a double free (in dwg_free_eed in free.c) because it does not properly manage the obj->eed value after a free occurs.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

NVDgnu/libredwg< 0.6

Patches

Patch: savannah.gnu.orgPatch: savannah.gnu.org

🔴Vulnerability Details

2
GHSA
GHSA-8p82-m269-wg8g: dwg_decode_eed in decode2022-05-14
CVEList
CVE-2018-14524: dwg_decode_eed in decode2018-07-23
CVE-2018-14524 — Double Free in GNU Libredwg | cvebase