88 matches found
CVE-2019-20013
CVE-2019-20013 affects GNU LibreDWG prior to 0.93: crafted input can trigger an excessive memory allocation in decode_3dsolid (dwg.spec). Connected advisories show this as addressed in the libredwg updates to release 0.9.3, with overflow/memory-leak mitigations and additional fuzzing protections....
CVE-2020-6613
CVE-2020-6613 affects GNU LibreDWG 0.9.3.2564 and is described as a heap-based over-read in bit_search_sentinel (bits.c). Connected entries show fixes in libredwg upstream to release 0.10 and security advisories (openSUSE/SUSE updates) that patch libredwg to mitigate CVE-2020-6613 (and related CV...
CVE-2019-20012
CVE-2019-20012 affects GNU LibreDWG up to version 0.92. Crafted input can cause an excessive memory allocation in dwg_decode_HATCH_private (dwg.spec). The Red Hat/OpenSUSE ecosystem references confirm the vulnerability and record fixes in LibreDWG, notably updating to release 0.9.x (e.g., 0.9.3) ...
CVE-2019-20011
CVE-2019-20011 is a heap-based buffer over-read in GNU LibreDWG up to version 0.9.3 (decode_R13_R2000 in decode.c). OpenSUSE/SUSE advisories indicate this was addressed by releasing LibreDWG 0.9.3 with overflow checks and related fixes, and other documents corroborate the same vulnerability class...
CVE-2019-20015
CVE-2019-20015 affects GNU LibreDWG 0.92. Crafted input can trigger an excessive memory allocation in dwg_decode_LWPOLYLINE_private (dwg.spec). Public U/A details are provided across multiple advisories; exploitability status is not stated in the provided documents. OpenSUSE/SUSE advisories show ...
CVE-2019-20010
CVE-2019-20010 affects GNU LibreDWG 0.92 with a use-after-free in resolve_objectref_vector (decode.c). Connected advisories show openSUSE/libredwg updates up to release 0.9.3 addressing this and related CVEs (e.g., 2019-20010, 2019-20011, 2019-20012, 2019-20013, 2019-20014, 2019-20015) across Ope...
CVE-2019-20009
CVE-2019-20009 affects GNU LibreDWG prior to 0.93. The issue arises from crafted input causing an attempted excessive memory allocation in dwg_decode_SPLINE_private in dwg.spec, leading to memory exhaustion. Multiple connected advisories (openSUSE/SUSE) document the vulnerability and confirm reme...
CVE-2019-20014
CVE-2019-20014 (GNU LibreDWG) is a double-free in dwg_free() before 0.93. Public documents confirm the issue and list fixes in LibreDWG releases up to 0.9.3 (OpenSUSE/EU/Red Hat advisories), with remediation by upgrading to 0.9.3 or later. NVD reports CVSS v2: 6.8 (NETWORK, PARTIAL/partial impact...
CVE-2023-36274
LibreDWG vulnerability CVE-2023-36274 affects LibreDWG v0.11 through v0.12.5, caused by a heap buffer overflow in the bit_write_TF function (bits.c). Impact details in the sources indicate such overflow could lead to memory corruption. Public-fix references show OpenSUSE backport/update to 0.12.5...
CVE-2023-36272
CVE-2023-36272 affects LibreDWG (v0.10–v0.12.5); the root cause is a heap buffer overflow in the function bit_utf8_to_TU in bits.c. Impact is high (CVSS 3.1 score 8.8) with potential in-network exploitation supposing no user interaction is required by the CVE advisory. Public materials in connecte...
CVE-2023-36271
CVE-2023-36271 affects LibreDWG, with a heap buffer overflow in the function bit_wcs2nlen implemented in bits.c, impacting versions from 0.10 up to 0.12.5. The root cause is a memory safety issue in the bit_wcs2nlen routine that can overflow a heap buffer. Impact is described as a high-severity ...
CVE-2023-36273
CVE-2023-36273 affects LibreDWG in version 0.12.5, where a heap buffer overflow is triggered by the function bit_calc_CRC in bits.c. This is confirmed across multiple sources (NVD entry and OSS/openSUSE advisories) and is addressed by updating to LibreDWG v0.12.5.5907, which fixes the heap buffer...
CVE-2020-6610
CVE-2020-6610 affects GNU LibreDWG 0.9.3.2564 via an attempted memory allocation overflow in read_sections_map (decode_r2007.c). The issue is documented across multiple sources (NVD entry for CVE-2020-6610 and related OSV/OpenSUSE advisories) and is mitigated by updating libredwg to release 0.10,...
CVE-2020-6615
CVE-2020-6615 affects GNU LibreDWG 0.9.3.2564, with an invalid pointer dereference in dwg_dynapi_entity_value (dynapi.c generated by gen-dynapi.pl). Connected sources tie this CVE to libredwg updates fixing multiple issues in version 0.10, and openSUSE/SUSE advisories list it among 7 vulnerabilit...
CVE-2020-6609
GNU LibreDWG 0.9.3.2564 contains a heap-based buffer over-read in read_pages_map (decode_r2007.c), identified as CVE-2020-6609. Multiple connected advisories confirm this vulnerability and state that fixes were delivered in LibreDWG 0.10, with related CVEs 2020-6610 to 2020-6615 addressed in the ...
CVE-2019-9773
CVE-2019-9773 affects GNU LibreDWG, with a heap-based buffer overflow in dwg_decode_eed_data (z dimension) in versions 0.7 and 0.7.1645. Connected advisories show openSUSE/SUSE patches and releases (e.g., libredwg 0.9.3) addressing this family of issues, including corrections for overflows and re...
CVE-2019-9775
CVE-2019-9775 affects GNU LibreDWG 0.7 and 0.7.1645 and describes an out-of-bounds read in the function dwg_dxf_BLOCK_CONTROL at dwg.spec. The connected advisories confirm this vulnerability is addressed in newer LibreDWG releases (e.g., libredwg 0.9.x series; OpenSUSE/SUSE advisories reference 0...
CVE-2020-6611
CVE-2020-6611 affects GNU LibreDWG 0.9.3.2564 with a NULL pointer dereference in get_next_owned_entity (dwg.c). The vulnerability can lead to a crash/denial of service. Connected advisories indicate fixes in LibreDWG to release 0.10 (e.g., openSUSE/SUSE updates referencing CVE-2020-6611 and libre...
CVE-2019-9771
The CVE-2019-9771 issue affects GNU LibreDWG 0.7 and 0.7.1645, caused by a NULL pointer dereference in bit_convert_TU (bits.c). Public docs show remediation in libredwg releases up to 0.9.3, with OpenSUSE/SUSE advisories (e.g., openSUSE-SU-2020:0068-1/0095-1) noting fixes that address null pointe...
CVE-2020-6614
CVE-2020-6614 affects GNU LibreDWG 0.9.3.2564 with a heap-based buffer over-read in bfr_read (decode.c). Connected advisories show libredwg fixes in OpenSUSE/SUSE updates (0.10 release), addressing this and related CVEs (6609–6615). Affected: openSUSE Leap 15.1 and backports; remediation is upgra...
CVE-2020-6612
CVE-2020-6612 affects GNU LibreDWG, specifically version 0.9.3.2564, where a heap-based buffer over-read occurs in decode_r2007.c in copy_compressed_bytes. Public advisories from openSUSE security updates (libredwg 0.10) indicate this is among several fixes addressing CVEs in the 2020-66...
CVE-2019-9777
CVE-2019-9777 affects GNU LibreDWG 0.7 and 0.7.1645 and is a heap-based buffer over-read in dxf_header_write (header_variables_dxf.spec). Connected documents link this CVE to the libredwg project and confirm fixes in later releases; openSUSE/SUSE advisories state libredwg 0.9.3 (and related updat...
CVE-2019-9770
The CVE-2019-9770 entry concerns GNU LibreDWG, specifically versions 0.7 and 0.7.1645, which have a heap-based buffer overflow in dwg_decode_eed_data (decode.c) for the y dimension. The vulnerability is caused by improper handling in decoding EED data, leading to a potential overflow. Seve...
CVE-2019-9774
CVE-2019-9774 concerns an out-of-bounds read in GNU LibreDWG 0.7 and 0.7.1645, specifically in bit_read_B (bits.c). Connected documents show downstream fixes in libredwg/OpenSUSE releases, notably a 0.9.x line with multiple CVEs fixed (e.g., CVE-2019-9774 and related issues) and security updates ...
CVE-2019-9776
CVE-2019-9776 is a vulnerability in GNU LibreDWG (LibreDWG/libredwg) where a NULL pointer dereference occurs in the DWF/DXF handling path (dwg_dxf_LTYPE). Publicly discussed fixes are delivered via libredwg updates in openSUSE/SLE backports: release 0.9.3 (and related 0.9.x series) includes fixes...
CVE-2019-9779
CVE-2019-9779 affects GNU LibreDWG 0.7 and 0.7.1645, due to a NULL pointer dereference in the function dwg_dxf_LTYPE (dwg.spec). The issue is mitigated by upgrading to the libredwg release series that fixes NULL pointer dereferences, with references showing the fix in the 0.9.x line (notably 0.9....
CVE-2019-9778
CVE-2019-9778 affects GNU LibreDWG 0.7 and 0.7.1645, with a heap-based buffer over-read in the function dwg_dxf_LTYPE in dwg.spec. Public records (SUSE/openSUSE and OSV entries) indicate that fixes were delivered in libredwg releases up to 0.9.3 and related updates, addressing multiple overflow/n...
CVE-2021-36080
CVE-2021-36080 affects GNU LibreDWG 0.12.3.4163 through 0.12.3.4191. The issue is a double-free in bit_chain_free, triggered by calls from dwg_encode_MTEXT and dwg_encode_add_object. Documented impact is memory management error; CVSS v2/3 metrics indicate high severity (base CVSSv3.1 8.8, NETWO...
CVE-2020-21842
CVE-2020-21842 affects GNU LibreDWG 0.10 and is caused by a heap-based buffer overflow triggered in the function read_2004_section_revhistory (../../src/decode.c:3051). Public records in the connected feeds confirm this vulnerability and its presence in LibreDWG; additional entries from Red Hat, ...
CVE-2020-21844
CVE-2020-21844 affects GNU LibreDWG 0.10. The vulnerability is a memcpy-param-overlap in the read_2004_section_header function (../../src/decode.c:2580), exposing remote code execution. The connected records confirm the affected component and exact location, but do not provide further exploit sp...
CVE-2022-33028
CVE-2022-33028 affects LibreDWG (v0.12.4.4608). A heap buffer overflow is triggered by the function dwg_add_object in decode.c. The vulnerability is documented across multiple sources (NVD, Red Hat, SUSE, CNVD, etc.) with impact described as partial to high on confidentiality, integrity, and avai...
CVE-2021-42586
CVE-2021-42586 affects GNU LibreDWG prior to 0.12.4, where a boundary/heap issue in decode_r2007.c: copy_bytes can trigger a heap buffer overflow when processing crafted DWG files. Several sources (SUSE, CNVD, NVD entry) confirm the vulnerability and version target. Impact is a heap overflow,...
CVE-2020-21831
The CVE refers to a heap-based buffer overflow in GNU LibreDWG 0.10 triggered by read_2004_section_handles (src/decode.c:2637). Affected component is the LibreDWG library used for reading DWG files. Based on CVSS data, the vulnerability is exploitable remotely with network access, and the impact ...
CVE-2021-42585
The CVE-2021-42585 entry concerns GNU LibreDWG (a C library for processing DWG files). A heap buffer overflow was reported in copy_compressed_bytes within decode_r2007.c when processing untrusted input, affecting LibreDWG versions prior to 0.12.4 and triggered by crafted DWG files. Root cause ide...
CVE-2020-21840
The connected records confirm a heap-based buffer overflow in GNU LibreDWG 0.10, exploitable via bit_search_sentinel in ../../src/bits.c:1985. Affected component: LibreDWG library (C, DWG reading/writing). Root cause: buffer overflow in heap handling. Impact as stated: Confidentiality/Integrity/A...
CVE-2020-21833
The CVE-2020-21833 entry affects GNU LibreDWG 0.10 and is caused by a heap-based buffer overflow in the decoder path, triggered via read_2004_section_classes at ../../src/decode.c:2440. The existing records consistently describe this vulnerability as a heap overflow in LibreDWG 0.10; no additiona...
CVE-2020-21839
GNU LibreDWG 0.10 is affected by a memory leak in the dwg_decode_eed path (decode.c:3638) triggered by crafted input. Connected sources consistently describe the vulnerability but do not provide a patch or remediation details; no exploitation status is stated. Monitor for updates for a fix.
CVE-2022-33024
The CVE-2022-33024 entry involves the GNU LibreDWG library (libredwg). A denial-of-service condition exists due to an assertion failure in the decode_preR13_entities path within dwg2dxf (decode.c:5801) in libredwg v0.12.4.4608. A remote attacker could trigger the assertion, potentially exhausting...
CVE-2020-21843
The CVE-2020-21843 vulnerability affects GNU LibreDWG 0.10, caused by a heap-based buffer overflow in bit_read_RC (bits.c:318). It is described across multiple sources as a heap overflow via a specific read path. The documents do not provide confirmed patches or a remediation version; no exploit ...
CVE-2022-33025
CVE-2022-33025 affects LibreDWG, specifically v0.12.4.4608, with a heap-use-after-free in decode_preR13_section (decode_r11.c). The issue is addressed in LibreDWG v0.12.5.5907, per the openSUSE/SU (openSUSE-SU-2023:0201-1) advisory and the OSV entry for OPENSUSE-SU-2023:0201-1, which list CVE-202...
CVE-2022-33027
LibreDWG v0.12.4.4608 contains a heap-use-after-free vulnerability triggered by the function dwg_add_handleref in dwg.c. Multiple sources (including Red Hat, SUSE, PRION/PT-Security entries) corroborate this issue without publicly available patch details in the provided documents. Exploitation st...
CVE-2022-33033
CVE-2022-33033 affects LibreDWG (GNU LibreDWG) v0.12.4.4608. The vulnerability is a double-free in dwg_read_file() within dwg.c. According to the CVSS data, it has a high impact on confidentiality, integrity, and availability, with a local exposure that requires user interaction; exploitation det...
CVE-2020-21838
CVE-2020-21838 affects GNU LibreDWG 0.10 and is a heap-based buffer overflow triggered by read_2004_section_appinfo in ../../src/decode.c:2842. The vulnerability is documented across multiple sources (NVD, Red Hat, SUSE, CNVD/CNVD-like entries, OSV, etc.). Reported impact indicates potential part...
CVE-2020-21832
CVE-2020-21832 describes a heap-based buffer overflow in GNU LibreDWG 0.10, triggered by reading in the function read_2004_compressed_section (src/decode.c:2417). The vulnerability affects LibreDWG’s ability to safely process certain DWG inputs, with potential impacts on confidentiality, integrit...
CVE-2020-21834
CVE-2020-21834 affects GNU LibreDWG 0.10, with a null pointer dereference in the DWG-to-BMP workflow. The issue is triggered via get_bmp in programs/dwgbmp.c:164, as described across multiple sources (NVD, Red Hat, SUSE, CNVD, and others). Impact is described as a denial of service due to the nul...
CVE-2020-21830
Affects GNU LibreDWG 0.10. A heap-based buffer overflow via bit_calc_CRC in ../../src/bits.c:2213 is reported across multiple sources (CVE records, CNVD, CNNVD, SUSE, Red Hat). The vulnerability is described consistently as a heap overflow in LibreDWG’s handling of DWG data, with cited location b...
CVE-2020-21841
CVE-2020-21841 affects GNU LibreDWG 0.10. The vulnerability is a heap-based buffer overflow triggered by a flaw in bit_read_B in ../../src/bits.c:135. Multiple connected records (Red Hat, SUSE, CNVD, NVD, NVD-derived feeds, and others) confirm the same issue across sources, indicating a consisten...
CVE-2022-35164
LibreDWG is affected by CVE-2022-35164: v0.12.4.4608 with commit f2dea29 contains a heap use-after-free in bit_copy_chain. The CVSSv3.1 base score is 9.8 (CRITICAL). Remediation available: the OpenSUSE OSV advisory notes the fix is included in libredwg-devel-0.12.5-3.1 on the GA media. Per the Re...
CVE-2023-25222
The CVE-2023-25222 entry concerns GNU LibreDWG v0.12.5, where a heap-based buffer overflow is reported in the bit_read_RC function of bits.c. Several connected sources (Red Hat, SUSE, OSV, NVD, CVE List, CNNVD, etc.) corroborate a heap-based overflow in this exact component/version. Documented im...
CVE-2020-21835
CVE-2020-21835 affects GNU LibreDWG 0.10, with a null pointer dereference in the function read_2004_compressed_section (../../src/decode.c:2337). Multiple sources describe it as a denial of service vulnerability in LibreDWG’s DWG reader/writer stack. The primary technical detail available across ...