Vulnerability Details CVE-2019-20010
An issue was discovered in GNU LibreDWG 0.92. There is a use-after-free in resolve_objectref_vector in decode.c.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.4%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html
- https://github.com/LibreDWG/libredwg/issues/176
- https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643383
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html
- https://github.com/LibreDWG/libredwg/issues/176
- https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643383