CVE-2023-26157

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-26157
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-26157.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-26157
Published
2024-01-02T05:15:08Z
Modified
2025-10-21T13:10:13.823395Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->numpages in decoder2007.c.

Affected packages

Git / github.com/libredwg/libredwg

Affected ranges

Type
GIT
Repo
https://github.com/libredwg/libredwg
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.10
0.10.1
0.11
0.11.1
0.12
0.12.1
0.12.2
0.12.3
0.12.4
0.12.5
0.3
0.4-dev
0.4.900
0.4.924
0.4.938
0.5
0.6
0.6.1
0.6.2
0.7
0.8
0.9
0.9.1
0.9.2
0.9.3

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/libredwg/libredwg/commit/c8cf03ce4c2315b146caf582ea061c0460193bcc",
        "target": {
            "file": "src/decode_r2007.c"
        },
        "digest": {
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2023-26157-6f3c3ead",
        "signature_version": "v1"
    },
    {
        "source": "https://github.com/libredwg/libredwg/commit/c8cf03ce4c2315b146caf582ea061c0460193bcc",
        "target": {
            "function": "read_data_section",
            "file": "src/decode_r2007.c"
        },
        "digest": {
            "function_hash": "148999153941967560062922587411455634690",
            "length": 2382.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2023-26157-a7b1b0e3",
        "signature_version": "v1"
    },
    {
        "source": "https://github.com/libredwg/libredwg/commit/c8cf03ce4c2315b146caf582ea061c0460193bcc",
        "target": {
            "function": "read_sections_map",
            "file": "src/decode_r2007.c"
        },
        "digest": {
            "function_hash": "209595528848737100881183906464845156106",
            "length": 4610.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2023-26157-f027f795",
        "signature_version": "v1"
    }
]