Vulnerability Details CVE-2020-6613
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.8%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 5.8
References
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00046.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00052.html
- https://github.com/LibreDWG/libredwg/issues/179#issuecomment-570447025
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00046.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00052.html
- https://github.com/LibreDWG/libredwg/issues/179#issuecomment-570447025