Lucene search
K
GnuLibredwg

88 matches found

CVE
CVE
added 2021/05/17 8:28 p.m.66 views

CVE-2020-21835

CVE-2020-21835 affects GNU LibreDWG 0.10, with a null pointer dereference in the function read_2004_compressed_section (../../src/decode.c:2337). Multiple sources describe it as a denial of service vulnerability in LibreDWG’s DWG reader/writer stack. The primary technical detail available across ...

6.5CVSS6.4AI score0.00865EPSS
CVE
CVE
added 2021/05/17 8:33 p.m.66 views

CVE-2020-21836

The CVE-2020-21836 entry is confirmed with concrete details across connected documents: a heap-based buffer overflow in GNU LibreDWG 0.10 triggered via read_2004_section_preview in ../../src/decode.c:3175. Documents consistently describe LibreDWG as the impacted library for DWG file handling, wit...

8.8CVSS8.8AI score0.01167EPSS
CVE
CVE
added 2022/06/22 1:33 p.m.66 views

CVE-2022-33032

Affected software: LibreDWG v0.12.4.4608. Root cause: heap-buffer-overflow in the function decode_preR13_section_hdr located in decode_r11.c. Impact: memory corruption with potential execution of arbitrary code (as described by PT-2022-21657). Status / remediation: no patch/version fix informatio...

7.8CVSS7.6AI score0.00695EPSS
CVE
CVE
added 2022/08/18 4:49 a.m.66 views

CVE-2022-35164

LibreDWG is affected by CVE-2022-35164: v0.12.4.4608 with commit f2dea29 contains a heap use-after-free in bit_copy_chain. The CVSSv3.1 base score is 9.8 (CRITICAL). Remediation available: the OpenSUSE OSV advisory notes the fix is included in libredwg-devel-0.12.5-3.1 on the GA media. Per the Re...

9.8CVSS9.5AI score0.00876EPSS
CVE
CVE
added 2022/06/22 1:33 p.m.62 views

CVE-2022-33034

CVE-2022-33034 affects LibreDWG v0.12.4.4608, with a stack overflow vulnerability in the function copy_bytes in decode_r2007.c. The connected sources consistently describe a stack overflow condition in the GNU LibreDWG library for DWG file processing; no detailed exploitation vectors or CVSS-base...

7.8CVSS7.8AI score0.00695EPSS
CVE
CVE
added 2021/09/20 3:26 p.m.60 views

CVE-2021-39521

Libredwg up to version 0.10.1.3751 contains a NULL pointer dereference in bit_read_BB() (bits.c), leading to Denial of Service. Affected component is the libredwg C library for DWG files. Impact is partial availability (DoS) as described in multiple sources. No exploit details are provided in the...

6.5CVSS6.3AI score0.00838EPSS
CVE
CVE
added 2021/12/02 9:47 p.m.58 views

CVE-2021-28237

CVE-2021-28237 affects LibreDWG v0.12.3 and is caused by a heap-buffer overflow in decode_preR13. Public sources consistently describe this as a vulnerability in LibreDWG, with OpenSUSE/SUSE advisories noting a release update to 0.12.5 to fix the issue and mitigate oss‑fuzz errors by restricting ...

9.8CVSS9.6AI score0.01363EPSS
CVE
CVE
added 2020/07/16 5:46 p.m.57 views

CVE-2019-20913

CVE-2019-20913 affects GNU LibreDWG up to version 0.9.3. The issue is a heap-based buffer over-read in the function dwg_encode_entity within common_entity_data.spec, triggered by crafted input. Impact is described as a heap-based over-read; no additional exploit details or remediation are provide...

8.1CVSS7.9AI score0.01245EPSS
CVE
CVE
added 2024/01/02 5:0 a.m.57 views

CVE-2023-26157

CVE-2023-26157 affects libredwg prior to 0.12.5.6384 and arises from an out-of-bounds read of section->num_pages in decode_r2007.c, causing a Denial of Service. The issue is confirmed by multiple sources and has been mitigated in subsequent releases. OpenSUSE SUSE advisories (openSUSE-SU-2024:...

7.5CVSS7.4AI score0.0054EPSS
CVE
CVE
added 2020/07/16 5:46 p.m.56 views

CVE-2019-20911

CVE-2019-20911 affects GNU LibreDWG up to version 0.9.3. The vulnerability lies in bit_calc_CRC within bits.c, where a crafted input can trigger a denial of service due to a problematic for loop. The connected documents consistently describe DoS potential but do not provide explicit exploitation ...

6.5CVSS6.2AI score0.01019EPSS
CVE
CVE
added 2020/07/16 5:46 p.m.55 views

CVE-2019-20909

CVE-2019-20909 affects GNU LibreDWG (library for DWG files). Multiple connected sources confirm a NULL pointer dereference in the function dwg_encode_LWPOLYLINE (dwg.spec), present in LibreDWG up to version 0.9.3 and earlier. Documented impact describes a crash/denial of service vector via this d...

7.5CVSS7.4AI score0.01619EPSS
CVE
CVE
added 2021/09/20 3:26 p.m.55 views

CVE-2021-39522

CVE-2021-39522 affects the LibreDWG library (libredwg) up to version 0.10.1.3751. The root cause is a heap-based buffer overflow in bit_wcs2len() located in bits.c. This vulnerability can potentially corrupt heap memory when processing certain inputs, as described in multiple sources (e.g., CNVD-...

8.8CVSS8.7AI score0.01043EPSS
CVE
CVE
added 2021/05/17 6:41 p.m.54 views

CVE-2020-21816

CVE-2020-21816 is a reported heap-based buffer overflow in GNU LibreDWG 0.10.2641. The root cause is described as a heap buffer overflow in the escape routine used for HTML escaping (htmlescape) in ../../programs/escape.c:46. This vulnerability is documented across multiple sources (NVD, CNVD, Re...

8.8CVSS8.8AI score0.01232EPSS
CVE
CVE
added 2021/05/17 7:46 p.m.54 views

CVE-2020-21827

CVE-2020-21827 is a heap-based buffer overflow in GNU LibreDWG 0.10, triggered by the read_2004_compressed_section path in decode.c:2379. Affected component: GNU LibreDWG (DWG reading library). Root cause: heap overflow vulnerability in the 2004 compressed section handling. Impact (as per sources...

7.8CVSS7.8AI score0.00981EPSS
CVE
CVE
added 2021/12/02 9:47 p.m.54 views

CVE-2021-28236

CVE-2021-28236 affects LibreDWG v0.12.3 and is caused by a NULL pointer dereference in out_dxfb.c. The Red Hat, SUSE, CNVD/CNNVD, OSV, and other connected records consistently describe this as a NULL pointer dereference in LibreDWG v0.12.3, with additional notes in CNVD/CNNVD referring to a buffe...

7.5CVSS7.5AI score0.01197EPSS
CVE
CVE
added 2021/09/20 3:26 p.m.54 views

CVE-2021-39530

CVE-2021-39530 affects the LibreDWG project (libredwg) up to version 0.10.1.3751. The issue is a heap-based buffer overflow in bit_wcs2nlen() implemented in bits.c. The available documents confirm this as a vulnerability in LibreDWG with a reported CVSS base score of 8.8 (3.1) indicating high imp...

8.8CVSS8.7AI score0.01043EPSS
CVE
CVE
added 2020/07/16 5:46 p.m.53 views

CVE-2019-20912

CVE-2019-20912 affects GNU LibreDWG up to version 0.9.3. The issue is a vulnerability in bits.c where crafted input can trigger a stack overflow, potentially related to bit_read_TF. Multiple connected sources reiter this description, indicating a stack overflow in memory operations caused by malf...

8.8CVSS8.7AI score0.01321EPSS
CVE
CVE
added 2020/07/16 5:46 p.m.53 views

CVE-2019-20915

CVE-2019-20915 affects GNU LibreDWG up to version 0.9.3. A crafted input triggers a heap-based buffer over-read in bit_write_TF within bits.c, as described across multiple connected documents. Impact details in sources vary, but CVSS data from NVD indicates high impact under network attack with p...

8.1CVSS7.9AI score0.01245EPSS
CVE
CVE
added 2020/07/16 5:46 p.m.51 views

CVE-2019-20914

GNU LibreDWG up to version 0.9.3 contains a NULL pointer dereference in dwg_encode_common_entity_handle_data (common_entity_handle_data.spec). This vulnerability is documented across multiple sources (Red Hat, SUSE, NVD, OSV, etc.). The available connected documents confirm the issue but do not p...

9.8CVSS9.2AI score0.0192EPSS
CVE
CVE
added 2018/07/20 1:0 p.m.50 views

CVE-2018-14443

The CVE affects GNU LibreDWG, specifically the dwg.c file function get_first_owned_object in version 0.5.1036. The underlying issue allows remote attackers to cause a denial of service via a segmentation fault (SEGV). The provided connected documents confirm the affected component and the crash b...

6.5CVSS6.3AI score0.01116EPSS
CVE
CVE
added 2021/09/20 3:26 p.m.50 views

CVE-2021-39523

The CVE-2021-39523 entry affects the LibreDWG library (v0.10.1.3751 and earlier). A NULL pointer dereference in decode.c::check_POLYLINE_handles() is the root cause, enabling an attacker to cause a Denial of Service. The vulnerability is documented across multiple sources (NVD/SUSE/etc.), but no ...

6.5CVSS6.3AI score0.00829EPSS
CVE
CVE
added 2021/09/20 3:26 p.m.50 views

CVE-2021-39527

CVE-2021-39527 describes a heap-based buffer overflow in LibreDWG/libredwg (up to v0.10.1.3751). The root cause is in decode.c, function appinfo_private() . Reported impact per records: CVSSv3.1 base score 8.8 (HIGH) with network attack, no authentication, UI required, and impact on confidentiali...

8.8CVSS8.7AI score0.01031EPSS
CVE
CVE
added 2021/09/20 3:26 p.m.50 views

CVE-2021-39528

CVE-2021-39528 is a confirmed vulnerability in the LibreDWG library. The issue is a double-free in dwg_free_MATERIAL_private() within dwg.spec, affecting libredwg up to version 0.10.1.3751. Documented risk metrics indicate a high impact with network attack vector and both confidentiality/ integri...

8.8CVSS8.6AI score0.01043EPSS
CVE
CVE
added 2021/12/31 11:54 p.m.50 views

CVE-2021-45950

CVE-2021-45950 affects LibreDWG 0.12.4.4313 to 0.12.4.4367. The issue is an out-of-bounds write in the function dwg_free_BLOCK_private, which is invoked from dwg_free_BLOCK and dwg_free_object. Multiple sources (Red Hat, SUSE, CNVD, NVD, OSV, CNVD CNVD-2022-52262) corroborate the same description...

6.5CVSS6.5AI score0.00887EPSS
CVE
CVE
added 2018/07/23 8:0 a.m.49 views

CVE-2018-14524

CVE-2018-14524 affects GNU LibreDWG prior to 0.6, with a double-free in dwg_free_eed due to improper management of obj->eed after free during dwg_decode_eed. Affected component: LibreDWG (C library for DWG handling). Root cause: freeing obj->eed without proper reinitialization/handling. Imp...

6.5CVSS6.3AI score0.01058EPSS
CVE
CVE
added 2020/07/17 3:35 p.m.49 views

CVE-2020-15807

GNU LibreDWG (C library) prior to version 0.11 is affected by a NULL pointer dereference when processing crafted input files. This vulnerability, CVE-2020-15807, is documented across multiple feeds (NVD entry notes a NULL pointer dereference; Red Hat/SUSE/CNVD mirrors echo the same description). ...

6.5CVSS6.4AI score0.01495EPSS
CVE
CVE
added 2021/05/17 6:13 p.m.49 views

CVE-2020-21814

CVE-2020-21814 describes a heap-based buffer overflow in GNU LibreDWG 0.10.2641 triggered via htmlwescape ../../programs/escape.c:97. The connected documents consistently identify the affected component as LibreDWG and the vulnerable code path in escape.c, but none provide a concrete patch/versio...

8.8CVSS8.9AI score0.01167EPSS
CVE
CVE
added 2021/05/17 6:55 p.m.49 views

CVE-2020-21819

GNU LibreDWG 0.10.2641 contains a heap-based buffer overflow vulnerability exploitable via the code path in htmlescape ../../programs/escape.c:51. Affected component is the LibreDWG C library used for DWG file handling. Impact is described as heap corruption with potential high impact to confiden...

8.8CVSS8.8AI score0.01232EPSS
CVE
CVE
added 2022/11/30 12:0 a.m.49 views

CVE-2022-45332

CVE-2022-45332 affects LibreDWG v0.12.4.4643, with a heap buffer overflow in the decode_preR13_section_hdr function of decode_r11.c. The vulnerability is described as a heap overflow (high impact) with LOCAL attack vector, no privileges required, and user interaction needed. The connected documen...

7.8CVSS7.9AI score0.00308EPSS
CVE
CVE
added 2018/07/20 4:0 p.m.48 views

CVE-2018-14471

CVE-2018-14471 affects GNU LibreDWG 0.5.1048, where dwg_obj_block_control_get_block_headers (dwg_api.c) can be triggered by a crafted DWG file to cause a denial of service via a NULL pointer dereference/SEGV. The issue is corroborated across multiple issuances (e.g., Red Hat, SUSE, CNVD, OSV, NVD...

6.5CVSS6.2AI score0.01352EPSS
CVE
CVE
added 2021/05/17 5:58 p.m.48 views

CVE-2020-21813

Summary: CVE-2020-21813 affects GNU LibreDWG, specifically version 0.10.2641, with a heap-based buffer overflow exploitable via the function path output_TEXT in dwg2SVG.c:114. What is affected: LibreDWG 0.10.2641 (GNU LibreDWG). Root cause (as stated): heap-based buffer overflow in output_TEXT at...

7.8CVSS7.8AI score0.00978EPSS
CVE
CVE
added 2021/05/17 6:45 p.m.48 views

CVE-2020-21815

CVE-2020-21815 affects GNU LibreDWG 0.10.2641. A null pointer dereference occurs via output_TEXT ../../programs/dwg2SVG.c:114, leading to a denial of service (application crash). The connected sources consistently describe the same issue across multiple feeds (e.g., Red Hat, SUSE, CNVD, NVD). No ...

6.5CVSS6.3AI score0.00913EPSS
CVE
CVE
added 2021/05/17 6:47 p.m.47 views

CVE-2020-21817

CVE-2020-21817 is a null pointer dereference in GNU LibreDWG 0.10.2641, triggered via htmlescape ../../programs/escape.c:29, causing a denial of service (application crash). The vulnerability is confirmed across multiple sources (Red Hat, SUSE, CNVD/CVEs, NVD, OSV, CVE lists). No public exploit d...

6.5CVSS6.3AI score0.00913EPSS
CVE
CVE
added 2021/05/18 3:2 p.m.47 views

CVE-2020-23861

CVE-2020-23861 affects LibreDWG 0.10.1. A heap-based buffer overflow occurs in the libredwg-0.10.1/src/decode_r2007.c:666:5 within read_system_page, leading to a denial of service when processing a DWG file. The vulnerability is documented across multiple feeds (NVD/Red Hat/SUSE/CNVD et al.), con...

5.5CVSS5.6AI score0.00634EPSS
CVE
CVE
added 2020/07/16 5:46 p.m.46 views

CVE-2019-20910

GNU LibreDWG up to version 0.9.3 is affected by CVE-2019-20910 due to a heap-based buffer over-read in decode_R13_R2000 within decode.c. This is observed in the CVE-2019-20910 entries across NVD/CNVD/OSV and related advisories (e.g., OpenSUSE security update for libredwg). The vulnerability stems...

8.1CVSS8.2AI score0.01245EPSS
CVE
CVE
added 2019/03/14 7:0 a.m.42 views

CVE-2019-9772

CVE-2019-9772 affects GNU LibreDWG up to version 0.7 (patches referenced in LibreDWG 0.9.x series). The vulnerability is a NULL pointer dereference in the function dwg_dxf_LEADER in dwg.spec, as described in the CVE entry. Publicly discussed openSUSE/SUSE advisories (openSUSE-SU-2020:0068-1/0068-...

7.5CVSS8.2AI score0.02772EPSS
CVE
CVE
added 2021/05/17 6:50 p.m.42 views

CVE-2020-21818

GNU LibreDWG 0.10.2641 contains a heap-based buffer overflow in the function used for HTML escaping (htmlescape) at line 48 in escape.c. The vulnerability is documented across multiple sources (CVE-2020-21818 entries) and explicitly identifies the affected version and vulnerable code path. The co...

8.8CVSS8.8AI score0.01219EPSS
CVE
CVE
added 2026/03/12 12:0 a.m.9 views

CVE-2025-61154

CVE-2025-61154 : A heap buffer overflow in LibreDWG affects versions 0.13.3.7571 through 0.13.3.7835. The overflow occurs in the decompression path while processing DWG files in the function decompress_R2004_section (decode.c), leading to Denial of Service (DoS). The available documents consisten...

6.5CVSS6AI score0.00218EPSS
Total number of security vulnerabilities88