CVE-2019-20013Allocation of Resources Without Limits or Throttling in Libredwg

CWE-770Allocation of Resources Without Limits or Throttling3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.6%
top 31.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
GNU LibredwgOpensuse Backports SLEOpensuse Leap
Timeline
PublishedDec 27
Latest updateMay 24

Description

An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in decode_3dsolid in dwg.spec.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

NVDgnu/libredwg< 0.9.3
NVDopensuse/leap15.1

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-pm4p-p335-5q5f: An issue was discovered in GNU LibreDWG before 02022-05-24
CVEList
CVE-2019-20013: An issue was discovered in GNU LibreDWG before 02019-12-27
CVE-2019-20013 — GNU Libredwg vulnerability | cvebase