4 matches found
openSUSE 15 Security Update : libredwg (openSUSE-SU-2023:0201-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0201-1 advisory. - LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function decodepreR13section at decoder11.c. CVE-2022-33025 -...
OPENSUSE-SU-2023:0201-1 Security update for libredwg
This update for libredwg fixes the following issues: Update to version 0.12.5.5907 Security issues fixed: CVE-2022-33025: Fixed multiple security issues boo1200898 CVE-2023-36271: Fixed heap buffer overflow via the function bitwcs2nlen boo1212709 CVE-2023-36272: Fixed heap buffer overflow via the...
CVE-2023-36271
creationtimestamp| type| source ---|---|--- 2023-06-23 18:38:34+00:00| seen| https://t.me/cibsecurity/65471 2025-03-06 21:34:37+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/6766 2025-03-08 04:34:55+00:00| seen| Telegram/kC4TEACpoLIDIrQxj8Z8CJCx0aeH-lCnUqJBv2zfxX-tAem...
CVE-2023-36271
CVE-2023-36271 affects LibreDWG, with a heap buffer overflow in the function bit_wcs2nlen implemented in bits.c, impacting versions from 0.10 up to 0.12.5 . The root cause is a memory safety issue in the bit_wcs2nlen routine that can overflow a heap buffer. Impact is described as a high-severity ...