CVE-2023-26157 Common Vulnerabilities and Exposures

Upstream information

CVE-2023-26157 at MITRE

Description

Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

SUSE Bugzilla entry: 1218473 [NEW]

SUSE Security Advisories:

openSUSE-SU-2024:0147-1, published Thu May 30 00:53:37 2024

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Package Hub 15 SP5	`libredwg-devel >= 0.12.5.6924-bp155.3.6.1` `libredwg-tools >= 0.12.5.6924-bp155.3.6.1` `libredwg0 >= 0.12.5.6924-bp155.3.6.1`	Patchnames: openSUSE-2024-147
openSUSE Leap 15.5	`libredwg-devel >= 0.12.5.6924-bp155.3.6.1` `libredwg-tools >= 0.12.5.6924-bp155.3.6.1` `libredwg0 >= 0.12.5.6924-bp155.3.6.1`	Patchnames: openSUSE-2024-147
openSUSE Tumbleweed	`libredwg-devel >= 0.12.5.6924-1.1` `libredwg-tools >= 0.12.5.6924-1.1` `libredwg0 >= 0.12.5.6924-1.1`	Patchnames: openSUSE-Tumbleweed-2024-13544

SUSE Timeline for this CVE

CVE page created: Tue Jan 2 07:00:03 2024
CVE page last modified: Mon Sep 9 14:01:43 2024