Vulnerability Details CVE-2019-9773
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the z dimension.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.028
EPSS Ranking 85.6%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html
- http://www.securityfocus.com/bid/107447
- https://github.com/LibreDWG/libredwg/issues/99
- https://savannah.gnu.org/bugs/index.php?55893
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html
- http://www.securityfocus.com/bid/107447
- https://github.com/LibreDWG/libredwg/issues/99
- https://savannah.gnu.org/bugs/index.php?55893