CVE-2020-6609
GNU LibreDWG 0.9.3.2564 contains a heap-based buffer over-read in read_pages_map (decode_r2007.c), identified as CVE-2020-6609. Multiple connected advisories confirm this vulnerability and state that fixes were delivered in LibreDWG 0.10, with related CVEs 2020-6610 to 2020-6615 addressed in the ...
CVE-2020-6610
GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c...
CVE-2020-6610
CVE-2020-6610 affects GNU LibreDWG 0.9.3.2564 via an attempted memory allocation overflow in read_sections_map (decode_r2007.c). The issue is documented across multiple sources (NVD entry for CVE-2020-6610 and related OSV/openSUSE advisories) and is mitigated by updating libredwg to release 0.10,...
CVE-2020-6611
CVE-2020-6611 affects GNU LibreDWG 0.9.3.2564 with a NULL pointer dereference in get_next_owned_entity (dwg.c). The vulnerability can lead to a crash/denial of service. Connected advisories indicate fixes in LibreDWG to release 0.10 (e.g., openSUSE/SUSE updates referencing CVE-2020-6611 and libre...
CVE-2020-6612
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c...
CVE-2020-6612
CVE-2020-6612 affects GNU LibreDWG, specifically version 0.9.3.2564, where a heap-based buffer over-read occurs in decode_r2007.c in copy_compressed_bytes. Public advisories from openSUSE security updates (libredwg 0.10) indicate this is among several fixes addressing CVEs in the 2020-66...
CVE-2020-6613
CVE-2020-6613 affects GNU LibreDWG 0.9.3.2564 and is described as a heap-based over-read in bit_search_sentinel (bits.c). Connected entries show fixes in libredwg upstream to release 0.10 and security advisories (openSUSE/SUSE updates) that patch libredwg to mitigate CVE-2020-6613 (and related CV...
CVE-2020-6613
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c...
CVE-2020-6614
CVE-2020-6614 affects GNU LibreDWG 0.9.3.2564 with a heap-based buffer over-read in bfr_read (decode.c). Connected advisories show libredwg fixes in openSUSE/SUSE updates (0.10 release), addressing this and related CVEs (6609–6615). Affected: openSUSE Leap 15.1 and backports; remediation is upgra...
CVE-2020-6614
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c...
CVE-2020-6615
CVE-2020-6615 affects GNU LibreDWG 0.9.3.2564, with an invalid pointer dereference in dwg_dynapi_entity_value (dynapi.c generated by gen-dynapi.pl). Connected sources tie this CVE to libredwg updates fixing multiple issues in version 0.10, and openSUSE/SUSE advisories list it among 7 vulnerabilit...
CVE-2020-6615
GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl)...
PT-2020-19179 · Gnu +1 · Gnu Libredwg +1
Name of the Vulnerable Software and Affected Versions: GNU LibreDWG version 0.9.3.2564. Description: The issue is related to a heap-based buffer over-read in the copy_compressed_bytes function located in decode_r2007.c. Recommendations: For GNU LibreDWG version 0.9.3.2564, consider updating to a...
CVE-2018-13033
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c...
CVE-2018-20671
load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size...
EulerOS 2.0 SP8 : patch (EulerOS-SA-2020-1022)
According to the versions of the patch package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for...
EulerOS 2.0 SP8 : tar (EulerOS-SA-2020-1035)
According to the version of the tar package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The GNU tar program saves many files together in one archive and can restore individual files or all of the files from that archive. Tar can also be us...
NewStart CGSL CORE 5.05 / MAIN 5.05 : binutils Multiple Vulnerabilities (NS-SA-2019-0228)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has binutils packages installed that are affected by multiple vulnerabilities: - An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangli...
NewStart CGSL CORE 5.04 / MAIN 5.04 : fribidi Vulnerability (NS-SA-2019-0264)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has fribidi packages installed that are affected by a vulnerability: - A buffer overflow in the fribidi_get_par_embedding_levels_ex function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of...
NewStart CGSL CORE 5.05 / MAIN 5.05 : gcc Multiple Vulnerabilities (NS-SA-2019-0233)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has gcc packages installed that are affected by multiple vulnerabilities: - Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash...