CVE-2021-42585

CWE-787Out-of-bounds Write3 documents3 sources
Severity
8.8HIGH
EPSS
0.4%
top 40.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Libredwg
Timeline
PublishedMay 23
Latest updateMay 24

Description

A heap buffer overflow was discovered in copy_compressed_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

NVDgnu/libredwg< 0.12.4

🔴Vulnerability Details

2
GHSA
GHSA-cm63-q44g-45j5: A heap buffer overflow was discovered in copy_compressed_bytes in decode_r20072022-05-24
CVEList
CVE-2021-42585: A heap buffer overflow was discovered in copy_compressed_bytes in decode_r20072022-05-23