CVE-2024-2002 HIGH

CVE-2024-2002: Libdwarf: crashes randomly on fuzzed object

Vendor Red Hat
Product Red Hat Enterprise Linux 7
Weakness CWE-415
Published March 18, 2024
Last update November 20, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf may try to dealloc(free) an allocation twice, potentially causing unpredictable and various results.

Key dates

02Disclosure timeline

March 18, 2024 CVE published
November 20, 2025 Record updated