Bug 1102696 (CVE-2018-14471) - VUL-1: CVE-2018-14471: libredwg: dwg_obj_block_control_get_block_headers in dwg_api.c allows remote attackers to cause a denial of service
Summary: VUL-1: CVE-2018-14471: libredwg: dwg_obj_block_control_get_block_headers in d...
Status: RESOLVED FIXED
Alias: CVE-2018-14471
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Security (show other bugs)
Version: Current
Hardware: Other Other
: P4 - Low : Minor (vote)
Target Milestone: Current
Assignee: Andreas Stieger
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/211248/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-07-26 07:43 UTC by Johannes Segitz
Modified: 2018-10-04 15:43 UTC (History)
0 users

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Reproducer (34.57 KB, image/vnd.dwg)
2018-07-26 07:43 UTC, Johannes Segitz 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2018-07-26 07:43:29 UTC 
Created attachment 778065 [details]
Reproducer

CVE-2018-14471

dwg_obj_block_control_get_block_headers in dwg_api.c in GNU LibreDWG 0.5.1048
allows remote attackers to cause a denial of service (NULL pointer dereference
and SEGV) via a crafted dwg file.

Fix: https://github.com/LibreDWG/libredwg/commit/7bb6307da56c753b962de127a43ebde3e621ecbb

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-14471
https://github.com/LibreDWG/libredwg/issues/32
Comment 2 Andreas Stieger 2018-08-09 09:51:48 UTC 
submitted to factory
Comment 3 Swamp Workflow Management 2018-08-09 10:30:06 UTC 
This is an autogenerated message for OBS integration:
This bug (1102696) was mentioned in
https://build.opensuse.org/request/show/628364 Factory / libredwg