CVE-2023-26157 - OpenCVE

Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gnu	Libredwg

Configuration 1 [-]

cpe:2.3:a:gnu:libredwg:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/LibreDWG/libredwg/commit/c8cf03ce4c2315b146caf582ea061c0460193bcc
https://github.com/LibreDWG/libredwg/issues/850
https://security.snyk.io/vuln/SNYK-UNMANAGED-LIBREDWG-6070730

History

No history.

MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2024-01-02T05:00:02.461Z

Updated: 2024-08-02T11:39:06.633Z

Reserved: 2023-02-20T10:28:48.930Z

Link: CVE-2023-26157

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2024-01-02T05:15:08.160

Modified: 2024-01-08T19:33:27.113

Link: CVE-2023-26157

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:libredwg:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0D7618D-9F7C-4654-822E-48A907537B85", "versionEndExcluding": "0.12.5.6384", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c."}, {"lang": "es", "value": "Las versiones del paquete libredwg anteriores a 0.12.5.6384 son vulnerables a la Denegaci\u00f3n de Servicio (DoS) debido a una lectura fuera de los l\u00edmites que involucra section->num_pages en decode_r2007.c."}], "id": "CVE-2023-26157", "lastModified": "2024-01-08T19:33:27.113", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "report@snyk.io", "type": "Secondary"}]}, "published": "2024-01-02T05:15:08.160", "references": [{"source": "report@snyk.io", "tags": ["Patch"], "url": "https://github.com/LibreDWG/libredwg/commit/c8cf03ce4c2315b146caf582ea061c0460193bcc"}, {"source": "report@snyk.io", "tags": ["Exploit", "Issue Tracking", "Patch"], "url": "https://github.com/LibreDWG/libredwg/issues/850"}, {"source": "report@snyk.io", "tags": ["Third Party Advisory"], "url": "https://security.snyk.io/vuln/SNYK-UNMANAGED-LIBREDWG-6070730"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "report@snyk.io", "type": "Secondary"}]}