Libredwg Security Vulnerabilities and Issues — Libredwg CVE List

Lucene search

GnuLibredwg

22 matches found

CVE•added 2019/03/14 9:29 a.m.•120 views

CVE-2019-9773

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the z dimension.

7.5CVSS8.5AI score0.02801EPSS

CVE•added 2019/03/14 9:29 a.m.•118 views

CVE-2019-9771

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function bit_convert_TU at bits.c.

7.5CVSS8.2AI score0.02523EPSS

CVE•added 2019/03/14 9:29 a.m.•115 views

CVE-2019-9777

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dxf_header_write at header_variables_dxf.spec.

7.5CVSS8.3AI score0.02434EPSS

CVE•added 2019/03/14 9:29 a.m.•112 views

CVE-2019-9770

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the y dimension.

7.5CVSS8.5AI score0.02893EPSS

CVE•added 2019/03/14 9:29 a.m.•110 views

CVE-2019-9776

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (later than CVE-2019-9779).

7.5CVSS7.3AI score0.02442EPSS

CVE•added 2019/03/14 9:29 a.m.•110 views

CVE-2019-9779

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (earlier than CVE-2019-9776).

7.5CVSS7.3AI score0.02442EPSS

CVE•added 2019/03/14 9:29 a.m.•109 views

CVE-2019-9778

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dwg_dxf_LTYPE at dwg.spec.

7.5CVSS8.3AI score0.02434EPSS

CVE•added 2022/06/23 5:15 p.m.•61 views

CVE-2022-33025

LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function decode_preR13_section at decode_r11.c.

7.8CVSS7.9AI score0.00103EPSS

CVE•added 2022/06/23 5:15 p.m.•61 views

CVE-2022-33028

LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function dwg_add_object at decode.c.

7.8CVSS7.9AI score0.00169EPSS

CVE•added 2022/06/23 5:15 p.m.•60 views

CVE-2022-33027

LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function dwg_add_handleref at dwg.c.

7.8CVSS7.6AI score0.0016EPSS

CVE•added 2022/06/23 5:15 p.m.•57 views

CVE-2022-33024

There is an Assertion `int decode_preR13_entities(BITCODE_RL, BITCODE_RL, unsigned int, BITCODE_RL, BITCODE_RL, Bit_Chain *, Dwg_Data *' failed at dwg2dxf: decode.c:5801 in libredwg v0.12.4.4608.

7.5CVSS7.5AI score0.00266EPSS

CVE•added 2022/06/23 5:15 p.m.•53 views

CVE-2022-33033

LibreDWG v0.12.4.4608 was discovered to contain a double-free via the function dwg_read_file at dwg.c.

7.8CVSS7.6AI score0.0016EPSS

CVE•added 2022/06/23 5:15 p.m.•50 views

CVE-2022-33032

LibreDWG v0.12.4.4608 was discovered to contain a heap-buffer-overflow via the function decode_preR13_section_hdr at decode_r11.c.

7.8CVSS7.6AI score0.0016EPSS

CVE•added 2022/06/23 5:15 p.m.•50 views

CVE-2022-33034

LibreDWG v0.12.4.4608 was discovered to contain a stack overflow via the function copy_bytes at decode_r2007.c.

7.8CVSS7.8AI score0.00169EPSS

CVE•added 2022/06/23 5:15 p.m.•46 views

CVE-2022-33026

LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c.

7.8CVSS7.9AI score0.00169EPSS

CVE•added 2024/01/02 5:15 a.m.•42 views

CVE-2023-26157

Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c.

7.5CVSS7.4AI score0.00043EPSS

CVE•added 2020/07/16 6:15 p.m.•41 views

CVE-2019-20909

An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_LWPOLYLINE in dwg.spec.

7.5CVSS7.4AI score0.00336EPSS

CVE•added 2022/11/30 3:15 a.m.•38 views

CVE-2022-45332

LibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow via the function decode_preR13_section_hdr at decode_r11.c.

7.8CVSS7.9AI score0.00025EPSS

CVE•added 2021/05/17 6:15 p.m.•35 views

CVE-2020-21813

A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via output_TEXT ../../programs/dwg2SVG.c:114.

7.8CVSS7.8AI score0.00306EPSS

CVE•added 2021/12/02 10:15 p.m.•35 views

CVE-2021-28236

LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference via out_dxfb.c.

7.5CVSS7.5AI score0.00435EPSS

CVE•added 2021/05/17 8:15 p.m.•34 views

CVE-2020-21827

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2379.

7.8CVSS7.8AI score0.00279EPSS

CVE•added 2019/03/14 9:29 a.m.•29 views

CVE-2019-9772

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LEADER at dwg.spec.

7.5CVSS8.2AI score0.02442EPSS