CVE-2019-20015Allocation of Resources Without Limits or Throttling in Libredwg

CWE-770Allocation of Resources Without Limits or Throttling3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.6%
top 31.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
GNU LibredwgOpensuse Backports SLEOpensuse Leap
Timeline
PublishedDec 27
Latest updateMay 24

Description

An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_LWPOLYLINE_private in dwg.spec.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

NVDgnu/libredwg0.9.2
NVDopensuse/leap15.1

🔴Vulnerability Details

2
GHSA
GHSA-p954-64g4-mq44: An issue was discovered in GNU LibreDWG 02022-05-24
CVEList
CVE-2019-20015: An issue was discovered in GNU LibreDWG 02019-12-27
CVE-2019-20015 — GNU Libredwg vulnerability | cvebase