openSUSE 15 Security Update : libredwg (openSUSE-SU-2023:0201-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0201-1 advisory. - LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function decodepreR13section at decoder11.c. CVE-2022-33025 -...

OPENSUSE-SU-2023:0201-1 Security update for libredwg

This update for libredwg fixes the following issues: Update to version 0.12.5.5907 Security issues fixed: CVE-2022-33025: Fixed multiple security issues boo1200898 CVE-2023-36271: Fixed heap buffer overflow via the function bitwcs2nlen boo1212709 CVE-2023-36272: Fixed heap buffer overflow via the...

SUSE CVE-2023-36272

LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow via the function bitutf8toTU at bits.c...

CVE-2023-36272

CVE-2023-36272 affects LibreDWG (v0.10–v0.12.5); the root cause is a heap buffer overflow in the function bit_utf8_to_TU in bits.c. Impact is high (CVE 3.1 score 8.8) with potential in-network exploitation supposing no user interaction is required by the CVE advisory. Public materials in connecte...