CVE-2019-9774

moderate-risk
Published 2019-03-14

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function bit_read_B at bits.c.

Do I need to act?

~
2.3% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.1/10 Critical
NETWORK / LOW complexity

Affected Products (4)

Affected Vendors

Gnu Opensuse

References (10)

Third Party Advisory http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html
Third Party Advisory http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html
Broken Link http://www.securityfocus.com/bid/107447
Exploit https://github.com/LibreDWG/libredwg/issues/99
Third Party Advisory https://savannah.gnu.org/bugs/index.php?55893
Third Party Advisory http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html
Third Party Advisory http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html
Broken Link http://www.securityfocus.com/bid/107447
Exploit https://github.com/LibreDWG/libredwg/issues/99
Third Party Advisory https://savannah.gnu.org/bugs/index.php?55893
46
/ 100
moderate-risk
Severity 31/34 · Critical
Exploitability 5/34 · Minimal
Exposure 10/34 · Low