A vulnerability was found in GNU LibreDWG up to 0.14. The affected element is the function read_2004_compressed_section in the file src/decode.c of the Dwgread Utility component. A manipulation results in a heap-based buffer overflow. The attack is only possible with local access. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
A heap-based buffer overflow vulnerability exists in GNU LibreDWG up to version 0.14 in the read_2004_compressed_section function, requiring local access to exploit. The vulnerability affects DWG file processing and could lead to code execution or denial of service.
Update GNU LibreDWG to a patched version beyond 0.14 immediately. Restrict local file access to trusted users only. Implement input validation for DWG files. Monitor systems for suspicious DWG file processing activities.
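One way to make the input-validation step concrete, as an added example that is not code from LibreDWG or from this advisory: a pre-processing triage that reads the 6-byte version tag at the start of each file and holds back anything declaring the 2004 format or newer for isolated handling. The names classify_dwg and triage are hypothetical, and the link between the AC1018 tag and read_2004_compressed_section is an assumption; the page names only the function.

```python
"""Triage DWG files by declared format version before they reach dwgread."""

# DWG files open with a 6-byte ASCII version tag: "AC" plus four characters.
# AC1018 is the tag introduced with the 2004 file format.
# Assumption (not stated on the page): files tagged AC1018 or newer are the
# ones that can reach the 2004 compressed-section decoder.
R2004_TAG = 1018


def classify_dwg(header: bytes) -> str:
    """Classify the first bytes of a file as 'not-dwg', 'pre-2004' or 'hold'."""
    if len(header) < 6 or not header.startswith(b"AC"):
        return "not-dwg"
    tag = header[2:6]
    if tag.isdigit() and int(tag) < R2004_TAG:
        return "pre-2004"
    # Fail closed: AC1018 and newer, plus any tag that does not parse as a
    # known older release, is held for sandboxed or deferred processing.
    return "hold"


def triage(paths):
    """Map each path to its classification; unreadable files are reported."""
    results = {}
    for path in paths:
        try:
            with open(path, "rb") as fh:
                results[path] = classify_dwg(fh.read(6))
        except OSError:
            results[path] = "unreadable"
    return results


if __name__ == "__main__":
    # Constructed sample headers, not taken from real drawings.
    for sample in (b"AC1015\x00", b"AC1018\x00", b"AC1032\x00", b"%PDF-1.7"):
        print(sample[:6], "->", classify_dwg(sample))
```

The tag is attacker-controlled, so this only decides which files are kept away from the affected decoder; it does not make a held file safe to parse.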