CVE-2019-9770

7.5 HIGH

📋 TL;DR

A heap-based buffer overflow vulnerability exists in GNU LibreDWG's dwg_decode_eed_data function when processing the y dimension. This allows attackers to execute arbitrary code or cause denial of service by providing specially crafted DWG files. Users and applications that process DWG files with affected LibreDWG versions are vulnerable.

💻 Affected Systems

Products:
  • GNU LibreDWG
Versions: 0.7 through 0.7.1645
Operating Systems: All platforms running LibreDWG
Default Config Vulnerable: ⚠️ Yes
Notes: Any application or service using LibreDWG to process DWG files is vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with the privileges of the LibreDWG process, potentially leading to full system compromise.

🟠 Likely Case: Application crash (denial of service) when processing malicious DWG files.

🟢 If Mitigated: Limited to denial of service if memory protections like ASLR are effective.

🌐 Internet-Facing: MEDIUM - Exploitation requires processing attacker-controlled DWG files, which could occur through file uploads or web services.
🏢 Internal Only: LOW - Requires local file processing or internal network file sharing exploitation.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof of concept available in public references; exploitation requires providing a malicious DWG file.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.8 or later

Vendor Advisory: https://savannah.gnu.org/bugs/index.php?55893

Restart Required: No

Instructions:

1. Update LibreDWG to version 0.8 or later.
2. Recompile any applications using LibreDWG with the updated library.
3. Test with sample DWG files to ensure functionality.

🔧 Temporary Workarounds

Disable LibreDWG processing (all platforms): temporarily disable or block processing of DWG files through LibreDWG until patched.

Use an alternative DWG processor (all platforms): switch to a different DWG file processing library that is not vulnerable.

🧯 If You Can't Patch

  • Implement strict input validation and sanitization for DWG files before processing.
  • Run LibreDWG in a sandboxed or containerized environment with limited privileges.

🔍 How to Verify

Check if Vulnerable:

Check the installed LibreDWG version with `libredwg --version`, or `dpkg -l | grep libredwg` on Debian-based systems.

Check Version:

libredwg --version

Verify Fix Applied:

Confirm version is 0.8 or later and test processing known good DWG files.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes or segmentation faults when processing DWG files
  • Unusual memory access errors in system logs

Network Indicators:

  • Unexpected uploads of DWG files to vulnerable services

SIEM Query:

source="application.log" AND ("segmentation fault" OR "buffer overflow") AND "libredwg"
