Vulnerability Details CVE-2021-36080
GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_chain_free (called from dwg_encode_MTEXT and dwg_encode_add_object).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 62.1%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31724
- https://github.com/LibreDWG/libredwg/commit/9b6e0ff9ef02818df034fc42c3bd149a5ff89342
- https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libredwg/OSV-2021-495.yaml
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31724
- https://github.com/LibreDWG/libredwg/commit/9b6e0ff9ef02818df034fc42c3bd149a5ff89342
- https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libredwg/OSV-2021-495.yaml
Products affected by CVE-2021-36080
-
cpe:2.3:a:gnu:libredwg:0.12.3.4163
-
cpe:2.3:a:gnu:libredwg:0.12.3.4165
-
cpe:2.3:a:gnu:libredwg:0.12.3.4167
-
cpe:2.3:a:gnu:libredwg:0.12.3.4173
-
cpe:2.3:a:gnu:libredwg:0.12.3.4176
-
cpe:2.3:a:gnu:libredwg:0.12.3.4178
-
cpe:2.3:a:gnu:libredwg:0.12.3.4180
-
cpe:2.3:a:gnu:libredwg:0.12.3.4185
-
cpe:2.3:a:gnu:libredwg:0.12.3.4189
-
cpe:2.3:a:gnu:libredwg:0.12.3.4191