88 matches found
CVE-2020-21835
CVE-2020-21835 affects GNU LibreDWG 0.10, with a null pointer dereference in the function read_2004_compressed_section (../../src/decode.c:2337). Multiple sources describe it as a denial of service vulnerability in LibreDWG’s DWG reader/writer stack. The primary technical detail available across ...
CVE-2020-21836
The CVE-2020-21836 entry is confirmed with concrete details across connected documents: a heap-based buffer overflow in GNU LibreDWG 0.10 triggered via read_2004_section_preview in ../../src/decode.c:3175. Documents consistently describe LibreDWG as the impacted library for DWG file handling, wit...
CVE-2022-33032
Affected software: LibreDWG v0.12.4.4608. Root cause: heap-buffer-overflow in the function decode_preR13_section_hdr located in decode_r11.c. Impact: memory corruption with potential execution of arbitrary code (as described by PT-2022-21657). Status / remediation: no patch/version fix informatio...
CVE-2022-35164
LibreDWG is affected by CVE-2022-35164: v0.12.4.4608 with commit f2dea29 contains a heap use-after-free in bit_copy_chain. The CVSSv3.1 base score is 9.8 (CRITICAL). Remediation available: the OpenSUSE OSV advisory notes the fix is included in libredwg-devel-0.12.5-3.1 on the GA media. Per the Re...
CVE-2022-33034
CVE-2022-33034 affects LibreDWG v0.12.4.4608, with a stack overflow vulnerability in the function copy_bytes in decode_r2007.c. The connected sources consistently describe a stack overflow condition in the GNU LibreDWG library for DWG file processing; no detailed exploitation vectors or CVSS-base...
CVE-2021-39521
Libredwg up to version 0.10.1.3751 contains a NULL pointer dereference in bit_read_BB() (bits.c), leading to Denial of Service. Affected component is the libredwg C library for DWG files. Impact is partial availability (DoS) as described in multiple sources. No exploit details are provided in the...
CVE-2021-28237
CVE-2021-28237 affects LibreDWG v0.12.3 and is caused by a heap-buffer overflow in decode_preR13. Public sources consistently describe this as a vulnerability in LibreDWG, with OpenSUSE/SUSE advisories noting a release update to 0.12.5 to fix the issue and mitigate oss‑fuzz errors by restricting ...
CVE-2019-20913
CVE-2019-20913 affects GNU LibreDWG up to version 0.9.3. The issue is a heap-based buffer over-read in the function dwg_encode_entity within common_entity_data.spec, triggered by crafted input. Impact is described as a heap-based over-read; no additional exploit details or remediation are provide...
CVE-2023-26157
CVE-2023-26157 affects libredwg prior to 0.12.5.6384 and arises from an out-of-bounds read of section->num_pages in decode_r2007.c, causing a Denial of Service. The issue is confirmed by multiple sources and has been mitigated in subsequent releases. OpenSUSE SUSE advisories (openSUSE-SU-2024:...
CVE-2019-20911
CVE-2019-20911 affects GNU LibreDWG up to version 0.9.3. The vulnerability lies in bit_calc_CRC within bits.c, where a crafted input can trigger a denial of service due to a problematic for loop. The connected documents consistently describe DoS potential but do not provide explicit exploitation ...
CVE-2019-20909
CVE-2019-20909 affects GNU LibreDWG (library for DWG files). Multiple connected sources confirm a NULL pointer dereference in the function dwg_encode_LWPOLYLINE (dwg.spec), present in LibreDWG up to version 0.9.3 and earlier. Documented impact describes a crash/denial of service vector via this d...
CVE-2021-39522
CVE-2021-39522 affects the LibreDWG library (libredwg) up to version 0.10.1.3751. The root cause is a heap-based buffer overflow in bit_wcs2len() located in bits.c. This vulnerability can potentially corrupt heap memory when processing certain inputs, as described in multiple sources (e.g., CNVD-...
CVE-2020-21816
CVE-2020-21816 is a reported heap-based buffer overflow in GNU LibreDWG 0.10.2641. The root cause is described as a heap buffer overflow in the escape routine used for HTML escaping (htmlescape) in ../../programs/escape.c:46. This vulnerability is documented across multiple sources (NVD, CNVD, Re...
CVE-2020-21827
CVE-2020-21827 is a heap-based buffer overflow in GNU LibreDWG 0.10, triggered by the read_2004_compressed_section path in decode.c:2379. Affected component: GNU LibreDWG (DWG reading library). Root cause: heap overflow vulnerability in the 2004 compressed section handling. Impact (as per sources...
CVE-2021-28236
CVE-2021-28236 affects LibreDWG v0.12.3 and is caused by a NULL pointer dereference in out_dxfb.c. The Red Hat, SUSE, CNVD/CNNVD, OSV, and other connected records consistently describe this as a NULL pointer dereference in LibreDWG v0.12.3, with additional notes in CNVD/CNNVD referring to a buffe...
CVE-2021-39530
CVE-2021-39530 affects the LibreDWG project (libredwg) up to version 0.10.1.3751. The issue is a heap-based buffer overflow in bit_wcs2nlen() implemented in bits.c. The available documents confirm this as a vulnerability in LibreDWG with a reported CVSS base score of 8.8 (3.1) indicating high imp...
CVE-2019-20912
CVE-2019-20912 affects GNU LibreDWG up to version 0.9.3. The issue is a vulnerability in bits.c where crafted input can trigger a stack overflow, potentially related to bit_read_TF. Multiple connected sources reiter this description, indicating a stack overflow in memory operations caused by malf...
CVE-2019-20915
CVE-2019-20915 affects GNU LibreDWG up to version 0.9.3. A crafted input triggers a heap-based buffer over-read in bit_write_TF within bits.c, as described across multiple connected documents. Impact details in sources vary, but CVSS data from NVD indicates high impact under network attack with p...
CVE-2019-20914
GNU LibreDWG up to version 0.9.3 contains a NULL pointer dereference in dwg_encode_common_entity_handle_data (common_entity_handle_data.spec). This vulnerability is documented across multiple sources (Red Hat, SUSE, NVD, OSV, etc.). The available connected documents confirm the issue but do not p...
CVE-2018-14443
The CVE affects GNU LibreDWG, specifically the dwg.c file function get_first_owned_object in version 0.5.1036. The underlying issue allows remote attackers to cause a denial of service via a segmentation fault (SEGV). The provided connected documents confirm the affected component and the crash b...
CVE-2021-39523
The CVE-2021-39523 entry affects the LibreDWG library (v0.10.1.3751 and earlier). A NULL pointer dereference in decode.c::check_POLYLINE_handles() is the root cause, enabling an attacker to cause a Denial of Service. The vulnerability is documented across multiple sources (NVD/SUSE/etc.), but no ...
CVE-2021-39527
CVE-2021-39527 describes a heap-based buffer overflow in LibreDWG/libredwg (up to v0.10.1.3751). The root cause is in decode.c, function appinfo_private() . Reported impact per records: CVSSv3.1 base score 8.8 (HIGH) with network attack, no authentication, UI required, and impact on confidentiali...
CVE-2021-39528
CVE-2021-39528 is a confirmed vulnerability in the LibreDWG library. The issue is a double-free in dwg_free_MATERIAL_private() within dwg.spec, affecting libredwg up to version 0.10.1.3751. Documented risk metrics indicate a high impact with network attack vector and both confidentiality/ integri...
CVE-2021-45950
CVE-2021-45950 affects LibreDWG 0.12.4.4313 to 0.12.4.4367. The issue is an out-of-bounds write in the function dwg_free_BLOCK_private, which is invoked from dwg_free_BLOCK and dwg_free_object. Multiple sources (Red Hat, SUSE, CNVD, NVD, OSV, CNVD CNVD-2022-52262) corroborate the same description...
CVE-2018-14524
CVE-2018-14524 affects GNU LibreDWG prior to 0.6, with a double-free in dwg_free_eed due to improper management of obj->eed after free during dwg_decode_eed. Affected component: LibreDWG (C library for DWG handling). Root cause: freeing obj->eed without proper reinitialization/handling. Imp...
CVE-2020-15807
GNU LibreDWG (C library) prior to version 0.11 is affected by a NULL pointer dereference when processing crafted input files. This vulnerability, CVE-2020-15807, is documented across multiple feeds (NVD entry notes a NULL pointer dereference; Red Hat/SUSE/CNVD mirrors echo the same description). ...
CVE-2020-21814
CVE-2020-21814 describes a heap-based buffer overflow in GNU LibreDWG 0.10.2641 triggered via htmlwescape ../../programs/escape.c:97. The connected documents consistently identify the affected component as LibreDWG and the vulnerable code path in escape.c, but none provide a concrete patch/versio...
CVE-2020-21819
GNU LibreDWG 0.10.2641 contains a heap-based buffer overflow vulnerability exploitable via the code path in htmlescape ../../programs/escape.c:51. Affected component is the LibreDWG C library used for DWG file handling. Impact is described as heap corruption with potential high impact to confiden...
CVE-2022-45332
CVE-2022-45332 affects LibreDWG v0.12.4.4643, with a heap buffer overflow in the decode_preR13_section_hdr function of decode_r11.c. The vulnerability is described as a heap overflow (high impact) with LOCAL attack vector, no privileges required, and user interaction needed. The connected documen...
CVE-2018-14471
CVE-2018-14471 affects GNU LibreDWG 0.5.1048, where dwg_obj_block_control_get_block_headers (dwg_api.c) can be triggered by a crafted DWG file to cause a denial of service via a NULL pointer dereference/SEGV. The issue is corroborated across multiple issuances (e.g., Red Hat, SUSE, CNVD, OSV, NVD...
CVE-2020-21813
Summary: CVE-2020-21813 affects GNU LibreDWG, specifically version 0.10.2641, with a heap-based buffer overflow exploitable via the function path output_TEXT in dwg2SVG.c:114. What is affected: LibreDWG 0.10.2641 (GNU LibreDWG). Root cause (as stated): heap-based buffer overflow in output_TEXT at...
CVE-2020-21815
CVE-2020-21815 affects GNU LibreDWG 0.10.2641. A null pointer dereference occurs via output_TEXT ../../programs/dwg2SVG.c:114, leading to a denial of service (application crash). The connected sources consistently describe the same issue across multiple feeds (e.g., Red Hat, SUSE, CNVD, NVD). No ...
CVE-2020-21817
CVE-2020-21817 is a null pointer dereference in GNU LibreDWG 0.10.2641, triggered via htmlescape ../../programs/escape.c:29, causing a denial of service (application crash). The vulnerability is confirmed across multiple sources (Red Hat, SUSE, CNVD/CVEs, NVD, OSV, CVE lists). No public exploit d...
CVE-2020-23861
CVE-2020-23861 affects LibreDWG 0.10.1. A heap-based buffer overflow occurs in the libredwg-0.10.1/src/decode_r2007.c:666:5 within read_system_page, leading to a denial of service when processing a DWG file. The vulnerability is documented across multiple feeds (NVD/Red Hat/SUSE/CNVD et al.), con...
CVE-2019-20910
GNU LibreDWG up to version 0.9.3 is affected by CVE-2019-20910 due to a heap-based buffer over-read in decode_R13_R2000 within decode.c. This is observed in the CVE-2019-20910 entries across NVD/CNVD/OSV and related advisories (e.g., OpenSUSE security update for libredwg). The vulnerability stems...
CVE-2019-9772
CVE-2019-9772 affects GNU LibreDWG up to version 0.7 (patches referenced in LibreDWG 0.9.x series). The vulnerability is a NULL pointer dereference in the function dwg_dxf_LEADER in dwg.spec, as described in the CVE entry. Publicly discussed openSUSE/SUSE advisories (openSUSE-SU-2020:0068-1/0068-...
CVE-2020-21818
GNU LibreDWG 0.10.2641 contains a heap-based buffer overflow in the function used for HTML escaping (htmlescape) at line 48 in escape.c. The vulnerability is documented across multiple sources (CVE-2020-21818 entries) and explicitly identifies the affected version and vulnerable code path. The co...
CVE-2025-61154
CVE-2025-61154 : A heap buffer overflow in LibreDWG affects versions 0.13.3.7571 through 0.13.3.7835. The overflow occurs in the decompression path while processing DWG files in the function decompress_R2004_section (decode.c), leading to Denial of Service (DoS). The available documents consisten...