CVE-2019-20912

8.8 HIGH

📋 TL;DR

CVE-2019-20912 is a stack-based buffer overflow vulnerability in GNU LibreDWG's bit_read_TF function in bits.c. Attackers can exploit this by providing specially crafted DWG files, potentially leading to arbitrary code execution or denial of service. Users and applications that process DWG files with affected LibreDWG versions are vulnerable.

💻 Affected Systems

Products:
  • GNU LibreDWG
Versions: All versions through 0.9.3
Operating Systems: All platforms where LibreDWG is installed
Default Config Vulnerable: ⚠️ Yes
Notes: Any application or service that uses LibreDWG to process DWG files is vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with the privileges of the LibreDWG process, potentially leading to full system compromise if the process runs with elevated privileges.

🟠 Likely Case

Application crash (denial of service) when processing malicious DWG files, potentially disrupting CAD workflows or automated processing systems.

🟢 If Mitigated

Limited impact if the application runs with minimal privileges and proper sandboxing, though service disruption remains possible.

🌐 Internet-Facing: MEDIUM - Applications that accept DWG uploads from untrusted sources (like web CAD viewers) could be exploited remotely.
🏢 Internal Only: LOW - Primarily affects users processing DWG files from untrusted sources internally.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires providing a malicious DWG file to the vulnerable application. The GitHub issue shows proof-of-concept crash examples.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after commit b84c2cab55948a5ee70860779b2640913e3ee1ed

Vendor Advisory: https://github.com/LibreDWG/libredwg/commit/b84c2cab55948a5ee70860779b2640913e3ee1ed

Restart Required: Yes

Instructions:

1. Update LibreDWG to version 0.9.4 or later.
2. Rebuild any applications that link against LibreDWG.
3. Restart affected services.

🔧 Temporary Workarounds

Disable DWG file processing (platform: all)

Temporarily disable LibreDWG-based DWG processing in applications until patched.

Input validation (platform: all)

Implement strict validation of DWG files before passing them to LibreDWG.

🧯 If You Can't Patch

  • Run LibreDWG processes with minimal privileges and in sandboxed environments
  • Implement network segmentation to limit access to vulnerable systems

🔍 How to Verify

Check if Vulnerable:

Check LibreDWG version: redwg --version. If version is 0.9.3 or earlier, you are vulnerable.

Check Version:

redwg --version

Verify Fix Applied:

Verify version is 0.9.4 or later and test with known malicious DWG files to ensure no crashes.
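As an added example (not part of this advisory or of LibreDWG), a small Python check that applies the version rule above to `--version` output and compares numerically rather than as strings. The `redwg --version` command is the one the advisory gives; the sample outputs and the version-line format are constructed assumptions.

```python
"""Version check for CVE-2019-20912 (LibreDWG stack overflow in bit_read_TF).

Affected: all releases through 0.9.3; fixed in 0.9.4 and later
(commit b84c2cab55948a5ee70860779b2640913e3ee1ed per the advisory).
"""
import re
import subprocess
from typing import Optional, Tuple

FIXED_VERSION = (0, 9, 4)  # first release carrying the fix, per the advisory

# Matches the first dotted numeric version in a line, e.g. "0.9.3" in
# "dwgread 0.9.3" (constructed format). A development build such as
# "0.9.3.1234" is read as 0.9.3 and therefore treated as vulnerable.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(output: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) from tool output; None if absent."""
    m = _VERSION_RE.search(output)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or "0"))


def is_vulnerable(version: Tuple[int, int, int]) -> bool:
    """Tuple comparison, not string comparison: "0.10.0" is newer than
    "0.9.3" numerically but sorts *before* it lexicographically."""
    return version < FIXED_VERSION


def assess(output: str) -> str:
    """Classify a --version output as "vulnerable", "fixed" or "unknown"."""
    v = parse_version(output)
    if v is None:
        return "unknown"
    return "vulnerable" if is_vulnerable(v) else "fixed"


def check_installed(cmd=("redwg", "--version")) -> str:
    """Run the advisory's version command and classify what it prints."""
    try:
        out = subprocess.run(cmd, capture_output=True, text=True, timeout=10)
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return "unknown"
    return assess(out.stdout + out.stderr)


if __name__ == "__main__":
    # Constructed sample outputs, not captured from a real installation.
    for sample in ("dwgread 0.9.3", "LibreDWG 0.9.4", "version 0.10.1"):
        print(f"{sample!r}: {assess(sample)}")
    print("installed:", check_installed())
```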

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults when processing DWG files
  • Stack overflow errors in application logs

Network Indicators:

  • Unusual DWG file uploads to web applications
  • Multiple failed processing attempts

SIEM Query:

source="application.log" AND ("segmentation fault" OR "stack overflow") AND process="libredwg"

🔗 References
