Vulnerability Details CVE-2020-6615
GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.6%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00046.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00052.html
- https://github.com/LibreDWG/libredwg/issues/179#issuecomment-570447223
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00046.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00052.html
- https://github.com/LibreDWG/libredwg/issues/179#issuecomment-570447223