CVE-2022-33025

7.8 HIGH

📋 TL;DR

LibreDWG v0.12.4.4608 contains a heap-use-after-free vulnerability in the decode_preR13_section function in decode_r11.c. An attacker who supplies a specially crafted DWG file can cause a denial of service or potentially execute arbitrary code. Anyone using LibreDWG to parse DWG files is affected.

💻 Affected Systems

Products:
  • LibreDWG
Versions: v0.12.4.4608 and potentially earlier versions
Operating Systems: Linux, Windows, macOS, BSD
Default Config Vulnerable: ⚠️ Yes
Notes: All installations using the vulnerable version are affected when processing DWG files through the decode_preR13_section function.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise if the application processes malicious DWG files with appropriate memory layout.

🟠 Likely Case: Application crash (denial of service) when processing malformed DWG files, potentially leading to data loss or service disruption.

🟢 If Mitigated: Limited impact if the application runs with minimal privileges and proper sandboxing, though crashes could still occur.

🌐 Internet-Facing: MEDIUM - Risk exists if LibreDWG processes user-uploaded DWG files via web interfaces or APIs, but requires specific file processing triggers.
🏢 Internal Only: LOW - Primarily affects users processing DWG files locally; internal network exposure limited to file sharing scenarios.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting a malicious DWG file that triggers the heap-use-after-free condition; no public exploit code is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v0.12.5 or later

Vendor Advisory: https://github.com/LibreDWG/libredwg/issues/487

Restart Required: Yes

Instructions:

1. Check the current LibreDWG version.
2. Update to v0.12.5 or later via package manager or source compilation.
3. Restart any services using LibreDWG.
4. Verify the fix by checking the version.

🔧 Temporary Workarounds

Disable DWG file processing

Platform: linux

Temporarily disable LibreDWG's ability to process DWG files until patched

# Remove or rename libredwg binary
sudo mv /usr/bin/dwgread /usr/bin/dwgread.disabled

Input validation

Platform: all

Implement strict validation of DWG files before processing

# Add file validation in application code
# Example: check file headers before passing to LibreDWG
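A concrete form of the header check sketched above, added here as an example and not code from LibreDWG or from this advisory: it reads the six-byte DWG version magic (public format knowledge, e.g. AC1009 for R11/R12, AC1012 for R13) and quarantines pre-R13 files, the only ones that reach decode_preR13_section, while an unpatched LibreDWG is in use. The gate_upload policy and the sample byte strings are constructed assumptions.

```python
"""Pre-LibreDWG header gate (added example, not LibreDWG code).

decode_preR13_section only handles DWG releases before R13, so a file whose
version magic marks it as pre-R13 is the only kind that reaches the vulnerable
code. While LibreDWG is unpatched, such files are quarantined instead of parsed.
"""
import re

# The first six bytes of a DWG file hold the release magic: old releases use a
# dotted form (AC1.50, AC2.10), later ones "AC" + four digits (AC1009 = R11/R12,
# AC1012 = R13, AC1015 = R2000). Public DWG format knowledge, not from the page.
MAGIC_RE = re.compile(rb"^AC(\d{4})")
FIRST_R13_CODE = 1012


def classify_dwg(data: bytes) -> str:
    """Return 'pre-r13', 'r13-or-later' or 'not-dwg' from the version magic."""
    magic = data[:6]
    if not magic.startswith(b"AC"):
        return "not-dwg"
    if magic[2:3].isdigit() and magic[3:4] == b".":
        return "pre-r13"          # AC1.2 .. AC2.10 family
    m = MAGIC_RE.match(magic)
    if m is None:
        return "not-dwg"
    return "pre-r13" if int(m.group(1)) < FIRST_R13_CODE else "r13-or-later"


def gate_upload(data: bytes, libredwg_patched: bool) -> tuple[bool, str]:
    """Decide whether a DWG upload may be handed to LibreDWG (assumed policy)."""
    kind = classify_dwg(data)
    if kind == "not-dwg":
        return False, "rejected: no DWG version magic"
    if kind == "pre-r13" and not libredwg_patched:
        return False, "quarantined: pre-R13 file on unpatched LibreDWG"
    return True, f"accepted: {kind}"


# Constructed sample headers (magic plus padding), not real files.
SAMPLE_R11 = b"AC1009" + b"\x00" * 26
SAMPLE_R2000 = b"AC1015" + b"\x00" * 26
SAMPLE_ZIP = b"PK\x03\x04" + b"\x00" * 28

if __name__ == "__main__":
    for name, blob in (("r11", SAMPLE_R11), ("r2000", SAMPLE_R2000), ("zip", SAMPLE_ZIP)):
        print(name, gate_upload(blob, libredwg_patched=False))
```

The magic check only identifies the release family; it is a gate in front of LibreDWG, not a substitute for the upgrade to v0.12.5.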

🧯 If You Can't Patch

  • Run LibreDWG in a sandboxed environment with minimal privileges
  • Implement network segmentation to isolate systems processing DWG files

🔍 How to Verify

Check if Vulnerable:

Check if LibreDWG version is v0.12.4.4608 or earlier and if DWG file processing is enabled

Check Version:

dwgread --version 2>/dev/null || echo "LibreDWG not found"

Verify Fix Applied:

Confirm LibreDWG version is v0.12.5 or later and test with known DWG files

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults
  • Memory access violation errors in system logs
  • Unexpected process termination when processing DWG files

Network Indicators:

  • Unusual file uploads to DWG processing endpoints
  • Multiple failed DWG processing attempts

SIEM Query:

process_name:"dwgread" AND (event_type:"crash" OR exit_code:139)
