11 matches found
CVE-2019-20013
CVE-2019-20013 affects GNU LibreDWG prior to 0.93: crafted input can trigger an excessive memory allocation in decode_3dsolid (dwg.spec). Connected advisories show this as addressed in the libredwg updates to release 0.9.3, with overflow/memory-leak mitigations and additional fuzzing protections....
CVE-2019-20014
CVE-2019-20014 (GNU LibreDWG) is a double-free in dwg_free() before 0.93. Public documents confirm the issue and list fixes in LibreDWG releases up to 0.9.3 (OpenSUSE/EU/Red Hat advisories), with remediation by upgrading to 0.9.3 or later. NVD reports CVSS v2: 6.8 (NETWORK, PARTIAL/partial impact...
CVE-2019-20009
CVE-2019-20009 affects GNU LibreDWG prior to 0.93. The issue arises from crafted input causing an attempted excessive memory allocation in dwg_decode_SPLINE_private in dwg.spec, leading to memory exhaustion. Multiple connected advisories (openSUSE/SUSE) document the vulnerability and confirm reme...
CVE-2021-42586
CVE-2021-42586 affects GNU LibreDWG prior to 0.12.4, where a boundary/heap issue in copy_bytes (decode_r2007.c) can trigger a heap buffer overflow when processing crafted DWG files. Several sources (SUSE, CNVD, NVD) confirm the vulnerability and the affected version. Impact is a heap overflow,...
CVE-2021-42585
The CVE-2021-42585 entry concerns GNU LibreDWG (a C library for processing DWG files). A heap buffer overflow was reported in copy_compressed_bytes within decode_r2007.c when processing untrusted input, affecting LibreDWG versions prior to 0.12.4 and triggered by crafted DWG files. Root cause ide...
CVE-2022-35164
LibreDWG is affected by CVE-2022-35164: v0.12.4.4608 with commit f2dea29 contains a heap use-after-free in bit_copy_chain. The CVSSv3.1 base score is 9.8 (CRITICAL). Remediation available: the OpenSUSE OSV advisory notes the fix is included in libredwg-devel-0.12.5-3.1 on the GA media. Per the Re...
CVE-2023-26157
CVE-2023-26157 affects libredwg prior to 0.12.5.6384 and arises from an out-of-bounds read of section->num_pages in decode_r2007.c, causing a denial of service. The issue is confirmed by multiple sources and has been mitigated in subsequent releases. openSUSE/SUSE advisories (openSUSE-SU-2024:...
CVE-2018-14443
The CVE affects GNU LibreDWG, specifically the function get_first_owned_object in dwg.c, in version 0.5.1036. The underlying issue allows remote attackers to cause a denial of service via a segmentation fault (SEGV). The connected documents confirm the affected component and the crash b...
CVE-2018-14524
CVE-2018-14524 affects GNU LibreDWG prior to 0.6, with a double-free in dwg_free_eed due to improper management of obj->eed after free during dwg_decode_eed. Affected component: LibreDWG (C library for DWG handling). Root cause: freeing obj->eed without proper reinitialization/handling. Imp...
CVE-2020-15807
GNU LibreDWG (C library) prior to version 0.11 is affected by a NULL pointer dereference when processing crafted input files. This vulnerability, CVE-2020-15807, is documented across multiple feeds (NVD entry notes a NULL pointer dereference; Red Hat/SUSE/CNVD mirrors echo the same description). ...
CVE-2018-14471
CVE-2018-14471 affects GNU LibreDWG 0.5.1048, where dwg_obj_block_control_get_block_headers (dwg_api.c) can be triggered by a crafted DWG file to cause a denial of service via a NULL pointer dereference/SEGV. The issue is corroborated across multiple sources (e.g., Red Hat, SUSE, CNVD, OSV, NVD...