CVE-2026-6039

LibreOffice can import drawings in the DXF format used by CAD software. A heap buffer overflow existed when importing a DXF polyline. The point count taken from the file was truncated to a 16-bit value when the point buffer was sized, while the full count was used to fill it, so a polyline whose...

PT-2026-49262

LibreOffice can import drawings in the DXF format used by CAD software. A heap buffer overflow existed when importing a DXF polyline. The point count taken from the file was truncated to a 16-bit value when the point buffer was sized, while the full count was used to fill it, so a polyline whose...

Linux Distros Unpatched Vulnerability : CVE-2026-6039

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LibreOffice can import drawings in the DXF format used by CAD software. A heap buffer overflow existed when importing a DXF polyline. The point count taken from...

IrfanView CADImage Plugin Buffer Overflow Vulnerability (CNVD-2025-17026)

IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user-supplied data when parsing DXF files, which can be exploited by an attacker to execute code in the context of the current...

IrfanView CADImage Plugin Buffer Overflow Vulnerability (CNVD-2025-17061)

IrfanView CADImage Plugin is a CAD plugin from IrfanView. IrfanView CADImage Plugin suffers from a buffer overflow vulnerability that stems from a lack of validation of user data when parsing DXF files, which can be exploited by an attacker to execute code in the context of the current process...

CVE-2025-7320

IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the...

The vulnerability of the CADImage plugin in the IrfanView software, which is used for viewing and playing graphic, video, and audio files, allows a hacker to execute arbitrary code.

The vulnerability of the CADImage plugin for viewing and playing back graphic, video, and audio files in IrfanView arises from the execution of an operation beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially...

CVE-2024-11566

IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page...

CVE-2023-22670

A heap-based buffer overflow exists in the DXF file reading procedure in Open Design Alliance Drawings SDK before 2023.6. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of the length of user-supplied XRecord data prior to copying it ...

PT-2021-19994 · Unknown · Drawings Sdk

Name of the Vulnerable Software and Affected Versions: Drawings SDK versions prior to 2022.4 Description: An out-of-bounds read issue exists within the parsing of DXF files in the Drawings SDK, resulting from the lack of proper validation of user-supplied data. This can result in a read past the...

CVE-2021-25175

An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Conversion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack Crash, Exit, or Restart...

CVE-2019-7360

An exploitable use-after-free vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018,...