Libredwg Security Vulnerabilities and Issues — Libredwg CVE List

Lucene search

GnuLibredwg

15 matches found

CVE•added 2020/01/08 9:15 p.m.•124 views

CVE-2020-6610

GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c.

6.5CVSS7.2AI score0.00528EPSS

CVE•added 2020/01/08 9:15 p.m.•120 views

CVE-2020-6613

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c.

8.1CVSS8.3AI score0.00605EPSS

CVE•added 2020/01/08 9:15 p.m.•119 views

CVE-2020-6609

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c.

8.8CVSS8.6AI score0.00561EPSS

CVE•added 2020/01/08 9:15 p.m.•116 views

CVE-2020-6614

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c.

8.1CVSS8.3AI score0.00605EPSS

CVE•added 2020/01/08 9:15 p.m.•115 views

CVE-2020-6615

GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl).

6.5CVSS7.3AI score0.00672EPSS

CVE•added 2020/01/08 9:15 p.m.•114 views

CVE-2020-6611

GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c.

6.5CVSS7.2AI score0.00579EPSS

CVE•added 2020/01/08 9:15 p.m.•110 views

CVE-2020-6612

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c.

8.1CVSS8.3AI score0.00605EPSS

CVE•added 2020/07/16 6:15 p.m.•43 views

CVE-2019-20913

An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in dwg_encode_entity in common_entity_data.spec.

8.1CVSS7.9AI score0.00397EPSS

CVE•added 2020/07/16 6:15 p.m.•41 views

CVE-2019-20909

An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_LWPOLYLINE in dwg.spec.

7.5CVSS7.4AI score0.00336EPSS

CVE•added 2020/07/16 6:15 p.m.•41 views

CVE-2019-20911

An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to denial of service in bit_calc_CRC in bits.c, related to a for loop.

6.5CVSS6.2AI score0.00285EPSS

CVE•added 2020/07/16 6:15 p.m.•38 views

CVE-2019-20914

An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_common_entity_handle_data in common_entity_handle_data.spec.

9.8CVSS9.2AI score0.00372EPSS

CVE•added 2020/07/16 6:15 p.m.•38 views

CVE-2019-20915

An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in bit_write_TF in bits.c.

8.1CVSS7.9AI score0.00397EPSS

CVE•added 2020/07/16 6:15 p.m.•37 views

CVE-2019-20912

An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a stack overflow in bits.c, possibly related to bit_read_TF.

8.8CVSS8.7AI score0.0042EPSS

CVE•added 2020/07/16 6:15 p.m.•36 views

CVE-2019-20910

An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in decode_R13_R2000 in decode.c, a different vulnerability than CVE-2019-20011.

8.1CVSS8.2AI score0.0051EPSS

CVE•added 2020/07/17 4:15 p.m.•34 views

CVE-2020-15807

GNU LibreDWG before 0.11 allows NULL pointer dereferences via crafted input files.

6.5CVSS6.4AI score0.00411EPSS