Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2023-25222
CVE-2023-25222:
NixOS vulnerability analysis and mitigation
Overview
A heap-based buffer overflow vulnerability was discovered in GNU LibreDWG version 0.12.5 affecting the bitreadRC function in bits.c. The vulnerability was identified and reported on January 30, 2023 (GitHub Issue, NVD).
Technical details
The vulnerability exists in the bitreadRC function at line 320 of bits.c. When processing certain input files, the function attempts to read beyond the allocated buffer boundaries, resulting in a heap buffer overflow condition. The issue was discovered using Address Sanitizer (ASAN) which detected a READ operation of size 1 at an invalid memory location (GitHub Issue).
Impact
The vulnerability could potentially lead to software crashes, protection mechanism bypasses, memory modifications, and under successful exploitation, may result in arbitrary code execution (GitHub Issue).
Additional resources
Source: This report was generated using AI
Related NixOS vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management