osv-2023-316
Vulnerability from osv_ossfuzz
Published
2023-04-15 14:02
Modified
2023-04-26 14:15
Summary
Segv on unknown address in dwg_ref_get_object
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57981

Crash type: Segv on unknown address
Crash state:
dwg_ref_get_object
dwg_geojson_feature
dwg_geojson_object
To clipboard 

{
  "affected": [
    {
      "ecosystem_specific": {
        "severity": null
      },
      "package": {
        "ecosystem": "OSS-Fuzz",
        "name": "libredwg",
        "purl": "pkg:generic/libredwg"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "580e8bbebf18579b97e2c20b032368b9079624ca"
            },
            {
              "fixed": "52cc8332b2a7ada86cf07e2bfe906bb4e33ca29d"
            }
          ],
          "repo": "https://github.com/LibreDWG/libredwg",
          "type": "GIT"
        }
      ],
      "versions": [
        "0.12.4.4635",
        "0.12.4.4637",
        "0.12.4.4641",
        "0.12.4.4643",
        "0.12.4.4647",
        "0.12.4.4652",
        "0.12.4.4654",
        "0.12.4.4658",
        "0.12.4.4660",
        "0.12.4.4668",
        "0.12.5.4669",
        "0.12.5.4678",
        "0.12.5.4685",
        "0.12.5.4690",
        "0.12.5.4693",
        "0.12.5.4695",
        "0.12.5.4697",
        "0.12.5.4700",
        "0.12.5.4709",
        "0.12.5.4712",
        "0.12.5.4715",
        "0.12.5.4722",
        "0.12.5.4724",
        "0.12.5.4726",
        "0.12.5.4731",
        "0.12.5.4735",
        "0.12.5.4739",
        "0.12.5.4741",
        "0.12.5.4743",
        "0.12.5.4748",
        "0.12.5.4750",
        "0.12.5.4756",
        "0.12.5.4760",
        "0.12.5.4763",
        "0.12.5.4765",
        "0.12.5.4772",
        "0.12.5.4776",
        "0.12.5.4780",
        "0.12.5.4784",
        "0.12.5.4787",
        "0.12.5.4797",
        "0.12.5.4803",
        "0.12.5.4805",
        "0.12.5.4815",
        "0.12.5.4820",
        "0.12.5.4823",
        "0.12.5.4825",
        "0.12.5.4831",
        "0.12.5.4833",
        "0.12.5.4835",
        "0.12.5.4837",
        "0.12.5.4838",
        "0.12.5.4852",
        "0.12.5.4859",
        "0.12.5.4865",
        "0.12.5.4873",
        "0.12.5.4881",
        "0.12.5.4885",
        "0.12.5.4887",
        "0.12.5.4890",
        "0.12.5.4893",
        "0.12.5.4896",
        "0.12.5.4911",
        "0.12.5.4913",
        "0.12.5.4915",
        "0.12.5.4925",
        "0.12.5.4931",
        "0.12.5.4934",
        "0.12.5.4937",
        "0.12.5.4943",
        "0.12.5.4944",
        "0.12.5.4945",
        "0.12.5.4959",
        "0.12.5.4969",
        "0.12.5.4998",
        "0.12.5.5001",
        "0.12.5.5002",
        "0.12.5.5004",
        "0.12.5.5007",
        "0.12.5.5010",
        "0.12.5.5016",
        "0.12.5.5024",
        "0.12.5.5028",
        "0.12.5.5030",
        "0.12.5.5035",
        "0.12.5.5040",
        "0.12.5.5044",
        "0.12.5.5046",
        "0.12.5.5050",
        "0.12.5.5052",
        "0.12.5.5060",
        "0.12.5.5061",
        "0.12.5.5066",
        "0.12.5.5085",
        "0.12.5.5091",
        "0.12.5.5092",
        "0.12.5.5093",
        "0.12.5.5094",
        "0.12.5.5095",
        "0.12.5.5097",
        "0.12.5.5101",
        "0.12.5.5103",
        "0.12.5.5104",
        "0.12.5.5111",
        "0.12.5.5122",
        "0.12.5.5135",
        "0.12.5.5137",
        "0.12.5.5140",
        "0.12.5.5142",
        "0.12.5.5161",
        "0.12.5.5163",
        "0.12.5.5169",
        "0.12.5.5170",
        "0.12.5.5178",
        "0.12.5.5179",
        "0.12.5.5182",
        "0.12.5.5183",
        "0.12.5.5184",
        "0.12.5.5185",
        "0.12.5.5186",
        "0.12.5.5195",
        "0.12.5.5203",
        "0.12.5.5206",
        "0.12.5.5207",
        "0.12.5.5227",
        "0.12.5.5245",
        "0.12.5.5249",
        "0.12.5.5256",
        "0.12.5.5269",
        "0.12.5.5270",
        "0.12.5.5271",
        "0.12.5.5288",
        "0.12.5.5314",
        "0.12.5.5320",
        "0.12.5.5329",
        "0.12.5.5333",
        "0.12.5.5334",
        "0.12.5.5340",
        "0.12.5.5342",
        "0.12.5.5344",
        "0.12.5.5348",
        "0.12.5.5353",
        "0.12.5.5356",
        "0.12.5.5364",
        "0.12.5.5377",
        "0.12.5.5385",
        "0.12.5.5391",
        "0.12.5.5393",
        "0.12.5.5395",
        "0.12.5.5396",
        "0.12.5.5405",
        "0.12.5.5411",
        "0.12.5.5415",
        "0.12.5.5417",
        "0.12.5.5422"
      ]
    }
  ],
  "details": "OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57981\n\n```\nCrash type: Segv on unknown address\nCrash state:\ndwg_ref_get_object\ndwg_geojson_feature\ndwg_geojson_object\n```\n",
  "id": "OSV-2023-316",
  "modified": "2023-04-26T14:15:55.803644Z",
  "published": "2023-04-15T14:02:19.562348Z",
  "references": [
    {
      "type": "REPORT",
      "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57981"
    }
  ],
  "schema_version": "1.4.0",
  "summary": "Segv on unknown address in dwg_ref_get_object"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.