CVE-2020-21815

A null pointer deference issue exists in GNU LibreDWG 0.10.2641 via outputTEXT ../../programs/dwg2SVG.c:114, which causes a denial of service application crash...

CVE-2020-21813

A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via outputTEXT ../../programs/dwg2SVG.c:114...

CVE-2020-21835

A null pointer deference issue exists in GNU LibreDWG 0.10 via read2004compressedsection ../../src/decode.c:2337...

CVE-2020-21838

A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read2004sectionappinfo ../../src/decode.c:2842...

CVE-2020-15807

GNU LibreDWG before 0.11 allows NULL pointer dereferences via crafted input files...

CVE-2019-20910

An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in decodeR13R2000 in decode.c, a different vulnerability than CVE-2019-20011...

CVE-2019-20010

An issue was discovered in GNU LibreDWG 0.92. There is a use-after-free in resolveobjectrefvector in decode.c...

CVE-2019-20909

An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwgencodeLWPOLYLINE in dwg.spec...

CVE-2019-20009

An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in dwgdecodeSPLINEprivate in dwg.spec...

CVE-2019-20913

An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in dwgencodeentity in commonentitydata.spec...

CVE-2019-20011

An issue was discovered in GNU LibreDWG 0.92. There is a heap-based buffer over-read in decodeR13R2000 in decode.c...

CVE-2019-20015

An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwgdecodeLWPOLYLINEprivate in dwg.spec...

CVE-2013-1048

The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an...

K000151474: GNU C Library vulnerability CVE-2025-0395

Security Advisory Description When the assert function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size. CVE-2025-03...

CVE-2012-2317

The Debian phpcryptrevamped.patch patch for PHP 5.3.x, as used in the php5 package before 5.3.3-7+squeeze4 in Debian GNU/Linux squeeze, the php5 package before 5.3.2-1ubuntu4.17 in Ubuntu 10.04 LTS, and the php5 package before 5.3.5-1ubuntu7.10 in Ubuntu 11.04, does not properly handle an empty...

CVE-2013-5724

Phpbb3 before 3.0.11-4 for Debian GNU/Linux uses world-writable permissions for cache files, which allows local users to modify the file contents via standard filesystem write operations...

CVE-2013-1662

vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsbrelease binary in a directory in the PATH, related to use of the popen library function...

GNU PSPP Buffer Overflow Vulnerability

GNU PSPP is an application for data sampling, statistics and analysis from the American GNU community. GNU PSPP suffers from a buffer overflow vulnerability that originates from a boundary error when processing untrusted input. An attacker could exploit this vulnerability to cause a denial of...

GNU C Library Code Problem Vulnerability

The GNU C Library is an open source, free C language compiler from the GNU community released under the LGPL license. A code issue vulnerability exists in GNU C Library, which can be exploited by an attacker to cause dynamic shared library loading...

CVE-2004-1343

CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of service server crash...