← Back

CVE-2019-20012

nvd nist
Published: Dec 27, 2019Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_HATCH_private in dwg.spec.

Affected (3)

Gnu
1 product
Libredwg
Opensuse
2 products
Backports Sle
Leap
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Libredwg
Version 0.9.2
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Backports Sle
Version 15.0 sp1
Leap
Version 15.1

Related CWEs

CWE-770
Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (8)

Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
ExploitIssue TrackingThird Party Advisory
Source: cve@mitre.org
ExploitIssue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.