CVE-2019-20013

Published: Dec 27, 2019Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in decode_3dsolid in dwg.spec.

Affected (3)

Products: Gnu: Libredwg · Opensuse: Backports Sle, Leap

1 product

2 products

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gnu Libredwg	Before 0.9.3

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Backports Sle	Version 15.0 sp1
Opensuse Leap	Version 15.1

Related CWEs

CWE-770

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (10)

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://github.com/LibreDWG/libredwg/compare/0.9.2...0.9.3

Source: cve@mitre.org

PatchRelease NotesThird Party Advisory

https://github.com/LibreDWG/libredwg/issues/176

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643060

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html