CVE-2019-20914 — NULL Pointer Dereference in Libredwg

CWE-476 — NULL Pointer Dereference3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.4%

top 41.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Libredwg

Timeline

PublishedJul 16

Latest updateMay 24

Description

An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_common_entity_handle_data in common_entity_handle_data.spec.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDgnu/libredwg0.9.3

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-4x8f-6m48-c263: An issue was discovered in GNU LibreDWG through 0↗2022-05-24

▶

CVEList

CVE-2019-20914: An issue was discovered in GNU LibreDWG through 0↗2020-07-16

▶