Lucene search

[email protected]CVE-2021-39521

HistorySep 20, 2021 - 4:15 p.m.

CVE-2021-39521

2021-09-2016:15:11

CWE-476

[email protected]

web.nvd.nist.gov

cve

2021

39521

libredwg

null pointer dereference

denial of service

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

34.2%

JSON

An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function bit_read_BB() located in bits.c. It allows an attacker to cause Denial of Service.

Affected configurations

NVD

Node

gnulibredwgRange≤0.10.1.3751

CPENameOperatorVersion
gnu:libredwggnu libredwgle0.10.1.3751

CPE	Name	Operator	Version
gnu:libredwg	gnu libredwg	le	0.10.1.3751

References

github.com/LibreDWG/libredwg/issues/262

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

34.2%

JSON

Related for CVE-2021-39521

osv1 cvelist1 nvd1 cnvd1 prion1