Libredwg@* Security Vulnerabilities and Issues — Libredwg@* CVE List

Lucene search

GnuLibredwg*

30 matches found

CVE•added 2019/12/27 1:15 a.m.•178 views

CVE-2019-20013

An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in decode_3dsolid in dwg.spec.

6.5CVSS7.4AI score0.00556EPSS

CVE•added 2019/12/27 1:15 a.m.•169 views

CVE-2019-20009

An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_SPLINE_private in dwg.spec.

6.5CVSS7.4AI score0.00556EPSS

CVE•added 2019/12/27 1:15 a.m.•167 views

CVE-2019-20014

An issue was discovered in GNU LibreDWG before 0.93. There is a double-free in dwg_free in free.c.

8.8CVSS8.8AI score0.0051EPSS

CVE•added 2023/06/23 3:15 p.m.•157 views

CVE-2023-36272

LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_utf8_to_TU at bits.c.

8.8CVSS9AI score0.00161EPSS

CVE•added 2023/06/23 3:15 p.m.•156 views

CVE-2023-36274

LibreDWG v0.11 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c.

8.8CVSS9AI score0.00161EPSS

CVE•added 2023/06/23 3:15 p.m.•149 views

CVE-2023-36271

LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c.

8.8CVSS9AI score0.00113EPSS

CVE•added 2021/07/01 3:15 a.m.•67 views

CVE-2021-36080

GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_chain_free (called from dwg_encode_MTEXT and dwg_encode_add_object).

8.8CVSS8.6AI score0.00436EPSS

CVE•added 2022/05/23 11:16 a.m.•65 views

CVE-2021-42585

A heap buffer overflow was discovered in copy_compressed_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.

8.8CVSS8.7AI score0.00399EPSS

CVE•added 2022/05/23 11:16 a.m.•65 views

CVE-2021-42586

A heap buffer overflow was discovered in copy_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.

8.8CVSS8.7AI score0.00399EPSS

CVE•added 2022/08/18 5:15 a.m.•50 views

CVE-2022-35164

LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a heap use-after-free via bit_copy_chain.

9.8CVSS9.5AI score0.00122EPSS

CVE•added 2020/07/16 6:15 p.m.•43 views

CVE-2019-20913

An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in dwg_encode_entity in common_entity_data.spec.

8.1CVSS7.9AI score0.00397EPSS

CVE•added 2021/09/20 4:15 p.m.•43 views

CVE-2021-39522

An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2len() in bits.c has a heap-based buffer overflow.

8.8CVSS8.7AI score0.00385EPSS

CVE•added 2021/09/20 4:15 p.m.•42 views

CVE-2021-39521

An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function bit_read_BB() located in bits.c. It allows an attacker to cause Denial of Service.

6.5CVSS6.3AI score0.00239EPSS

CVE•added 2024/01/02 5:15 a.m.•42 views

CVE-2023-26157

Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c.

7.5CVSS7.4AI score0.00043EPSS

CVE•added 2020/07/16 6:15 p.m.•41 views

CVE-2019-20909

An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_LWPOLYLINE in dwg.spec.

7.5CVSS7.4AI score0.00336EPSS

CVE•added 2020/07/16 6:15 p.m.•41 views

CVE-2019-20911

An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to denial of service in bit_calc_CRC in bits.c, related to a for loop.

6.5CVSS6.2AI score0.00285EPSS

CVE•added 2021/09/20 4:15 p.m.•39 views

CVE-2021-39530

An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2nlen() in bits.c has a heap-based buffer overflow.

8.8CVSS8.7AI score0.00385EPSS

CVE•added 2020/07/16 6:15 p.m.•38 views

CVE-2019-20914

An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_common_entity_handle_data in common_entity_handle_data.spec.

9.8CVSS9.2AI score0.00372EPSS

CVE•added 2020/07/16 6:15 p.m.•38 views

CVE-2019-20915

An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in bit_write_TF in bits.c.

8.1CVSS7.9AI score0.00397EPSS

CVE•added 2018/07/20 1:29 p.m.•37 views

CVE-2018-14443

get_first_owned_object in dwg.c in GNU LibreDWG 0.5.1036 allows remote attackers to cause a denial of service (SEGV).

6.5CVSS6.3AI score0.00425EPSS

CVE•added 2018/07/20 4:29 p.m.•37 views

CVE-2018-14471

dwg_obj_block_control_get_block_headers in dwg_api.c in GNU LibreDWG 0.5.1048 allows remote attackers to cause a denial of service (NULL pointer dereference and SEGV) via a crafted dwg file.

6.5CVSS6.2AI score0.00348EPSS

CVE•added 2020/07/16 6:15 p.m.•37 views

CVE-2019-20912

An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a stack overflow in bits.c, possibly related to bit_read_TF.

8.8CVSS8.7AI score0.0042EPSS

CVE•added 2021/09/20 4:15 p.m.•37 views

CVE-2021-39527

An issue was discovered in libredwg through v0.10.1.3751. appinfo_private() in decode.c has a heap-based buffer overflow.

8.8CVSS8.7AI score0.00352EPSS

CVE•added 2018/07/23 8:29 a.m.•36 views

CVE-2018-14524

dwg_decode_eed in decode.c in GNU LibreDWG before 0.6 leads to a double free (in dwg_free_eed in free.c) because it does not properly manage the obj->eed value after a free occurs.

6.5CVSS6.3AI score0.00238EPSS

CVE•added 2020/07/16 6:15 p.m.•36 views

CVE-2019-20910

An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in decode_R13_R2000 in decode.c, a different vulnerability than CVE-2019-20011.

8.1CVSS8.2AI score0.0051EPSS

CVE•added 2022/01/01 12:15 a.m.•36 views

CVE-2021-45950

LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in dwg_free_BLOCK_private (called from dwg_free_BLOCK and dwg_free_object).

6.5CVSS6.5AI score0.00238EPSS

CVE•added 2020/07/17 4:15 p.m.•34 views

CVE-2020-15807

GNU LibreDWG before 0.11 allows NULL pointer dereferences via crafted input files.

6.5CVSS6.4AI score0.00411EPSS

CVE•added 2021/09/20 4:15 p.m.•34 views

CVE-2021-39525

An issue was discovered in libredwg through v0.10.1.3751. bit_read_fixed() in bits.c has a heap-based buffer overflow.

8.8CVSS8.7AI score0.00352EPSS

CVE•added 2021/09/20 4:15 p.m.•34 views

CVE-2021-39528

An issue was discovered in libredwg through v0.10.1.3751. dwg_free_MATERIAL_private() in dwg.spec has a double free.

8.8CVSS8.6AI score0.00332EPSS

CVE•added 2021/09/20 4:15 p.m.•33 views

CVE-2021-39523

An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function check_POLYLINE_handles() located in decode.c. It allows an attacker to cause Denial of Service.

6.5CVSS6.3AI score0.00239EPSS