CVE-2023-26157

CWE-400 — Uncontrolled Resource Consumption CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

7.5HIGH

EPSS

0.0%

top 87.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Libredwg

Timeline

PublishedJan 2

Description

Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5libredwg< 0.12.5.6384

▶NVDgnu/libredwg< 0.12.5.6384

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

CVEList

CVE-2023-26157: Versions of the package libredwg before 0↗2024-01-02

▶

GHSA

GHSA-5rxp-9658-h93v: Versions of the package libredwg before 0↗2024-01-02

▶