GNU Libredwg
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in GNU Libredwg.
By the Year
In 2025 there have been 0 vulnerabilities in GNU Libredwg. Last year, in 2024 Libredwg had 1 security vulnerability published. Right now, Libredwg is on track to have less security vulnerabilities in 2025 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 0 | 0.00 |
2024 | 1 | 7.50 |
2023 | 5 | 8.80 |
2022 | 13 | 7.98 |
2021 | 33 | 8.14 |
2020 | 15 | 7.73 |
2019 | 13 | 7.69 |
2018 | 3 | 6.50 |
It may take a day or so for new Libredwg vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent GNU Libredwg Security Vulnerabilities
Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c.
CVE-2023-26157
7.5 - High
- January 02, 2024
Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c.
Out-of-bounds Read
LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow
CVE-2023-36271
8.8 - High
- June 23, 2023
LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c.
Memory Corruption
LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow
CVE-2023-36272
8.8 - High
- June 23, 2023
LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_utf8_to_TU at bits.c.
Memory Corruption
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow
CVE-2023-36273
8.8 - High
- June 23, 2023
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c.
Memory Corruption
LibreDWG v0.11 to v0.12.5 was discovered to contain a heap buffer overflow
CVE-2023-36274
8.8 - High
- June 23, 2023
LibreDWG v0.11 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c.
Memory Corruption
A heap-based buffer overflow vulnerability exits in GNU LibreDWG v0.12.5
CVE-2023-25222
8.8 - High
- March 01, 2023
A heap-based buffer overflow vulnerability exits in GNU LibreDWG v0.12.5 via the bit_read_RC function at bits.c.
Memory Corruption
LibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow
CVE-2022-45332
7.8 - High
- November 30, 2022
LibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow via the function decode_preR13_section_hdr at decode_r11.c.
Memory Corruption
LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a heap use-after-free
CVE-2022-35164
9.8 - Critical
- August 18, 2022
LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a heap use-after-free via bit_copy_chain.
Dangling pointer
There is an Assertion `int decode_preR13_entities(BITCODE_RL
CVE-2022-33024
7.5 - High
- June 23, 2022
There is an Assertion `int decode_preR13_entities(BITCODE_RL, BITCODE_RL, unsigned int, BITCODE_RL, BITCODE_RL, Bit_Chain *, Dwg_Data *' failed at dwg2dxf: decode.c:5801 in libredwg v0.12.4.4608.
assertion failure
LibreDWG v0.12.4.4608 was discovered to contain a stack overflow
CVE-2022-33034
7.8 - High
- June 23, 2022
LibreDWG v0.12.4.4608 was discovered to contain a stack overflow via the function copy_bytes at decode_r2007.c.
Memory Corruption
LibreDWG v0.12.4.4608 was discovered to contain a double-free
CVE-2022-33033
7.8 - High
- June 23, 2022
LibreDWG v0.12.4.4608 was discovered to contain a double-free via the function dwg_read_file at dwg.c.
Double-free
LibreDWG v0.12.4.4608 was discovered to contain a heap-buffer-overflow
CVE-2022-33032
7.8 - High
- June 23, 2022
LibreDWG v0.12.4.4608 was discovered to contain a heap-buffer-overflow via the function decode_preR13_section_hdr at decode_r11.c.
Memory Corruption
LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow
CVE-2022-33028
7.8 - High
- June 23, 2022
LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function dwg_add_object at decode.c.
Memory Corruption
LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free
CVE-2022-33027
7.8 - High
- June 23, 2022
LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function dwg_add_handleref at dwg.c.
Dangling pointer
LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow
CVE-2022-33026
7.8 - High
- June 23, 2022
LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c.
Memory Corruption
LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free
CVE-2022-33025
7.8 - High
- June 23, 2022
LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function decode_preR13_section at decode_r11.c.
Dangling pointer
A heap buffer overflow was discovered in copy_compressed_bytes in decode_r2007.c in dwgread before 0.12.4
CVE-2021-42585
8.8 - High
- May 23, 2022
A heap buffer overflow was discovered in copy_compressed_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.
Memory Corruption
A heap buffer overflow was discovered in copy_bytes in decode_r2007.c in dwgread before 0.12.4
CVE-2021-42586
8.8 - High
- May 23, 2022
A heap buffer overflow was discovered in copy_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.
Memory Corruption
LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in dwg_free_BLOCK_private (called
CVE-2021-45950
6.5 - Medium
- January 01, 2022
LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in dwg_free_BLOCK_private (called from dwg_free_BLOCK and dwg_free_object).
Memory Corruption
LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference
CVE-2021-28236
7.5 - High
- December 02, 2021
LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference via out_dxfb.c.
NULL Pointer Dereference
LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow
CVE-2021-28237
9.8 - Critical
- December 02, 2021
LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13.
Memory Corruption
An issue was discovered in libredwg through v0.10.1.3751
CVE-2021-39530
8.8 - High
- September 20, 2021
An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2nlen() in bits.c has a heap-based buffer overflow.
Memory Corruption
An issue was discovered in libredwg through v0.10.1.3751
CVE-2021-39528
8.8 - High
- September 20, 2021
An issue was discovered in libredwg through v0.10.1.3751. dwg_free_MATERIAL_private() in dwg.spec has a double free.
Double-free
An issue was discovered in libredwg through v0.10.1.3751
CVE-2021-39527
8.8 - High
- September 20, 2021
An issue was discovered in libredwg through v0.10.1.3751. appinfo_private() in decode.c has a heap-based buffer overflow.
Memory Corruption
An issue was discovered in libredwg through v0.10.1.3751
CVE-2021-39525
8.8 - High
- September 20, 2021
An issue was discovered in libredwg through v0.10.1.3751. bit_read_fixed() in bits.c has a heap-based buffer overflow.
Memory Corruption
An issue was discovered in libredwg through v0.10.1.3751
CVE-2021-39523
6.5 - Medium
- September 20, 2021
An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function check_POLYLINE_handles() located in decode.c. It allows an attacker to cause Denial of Service.
NULL Pointer Dereference
An issue was discovered in libredwg through v0.10.1.3751
CVE-2021-39522
8.8 - High
- September 20, 2021
An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2len() in bits.c has a heap-based buffer overflow.
Memory Corruption
An issue was discovered in libredwg through v0.10.1.3751
CVE-2021-39521
6.5 - Medium
- September 20, 2021
An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function bit_read_BB() located in bits.c. It allows an attacker to cause Denial of Service.
NULL Pointer Dereference
GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_chain_free (called
CVE-2021-36080
8.8 - High
- July 01, 2021
GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_chain_free (called from dwg_encode_MTEXT and dwg_encode_add_object).
Double-free
A heap-based buffer overflow vulnerability exists in LibreDWG 0.10.1
CVE-2020-23861
5.5 - Medium
- May 18, 2021
A heap-based buffer overflow vulnerability exists in LibreDWG 0.10.1 via the read_system_page function at libredwg-0.10.1/src/decode_r2007.c:666:5, which causes a denial of service by submitting a dwg file.
Memory Corruption
GNU LibreDWG 0.10 is affected by: memcpy-param-overlap
CVE-2020-21844
8.8 - High
- May 17, 2021
GNU LibreDWG 0.10 is affected by: memcpy-param-overlap. The impact is: execute arbitrary code (remote). The component is: read_2004_section_header ../../src/decode.c:2580.
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_read_RC
CVE-2020-21843
8.8 - High
- May 17, 2021
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_read_RC ../../src/bits.c:318.
Memory Corruption
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_revhistory
CVE-2020-21842
8.8 - High
- May 17, 2021
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_revhistory ../../src/decode.c:3051.
Memory Corruption
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_handles
CVE-2020-21831
8.8 - High
- May 17, 2021
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_handles ../../src/decode.c:2637.
Memory Corruption
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section
CVE-2020-21832
8.8 - High
- May 17, 2021
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2417.
Memory Corruption
A heap based buffer overflow vulneraibility exists in GNU LibreDWG 0.10 via bit_calc_CRC
CVE-2020-21830
8.8 - High
- May 17, 2021
A heap based buffer overflow vulneraibility exists in GNU LibreDWG 0.10 via bit_calc_CRC ../../src/bits.c:2213.
Memory Corruption
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read_2004_section_classes
CVE-2020-21833
8.8 - High
- May 17, 2021
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read_2004_section_classes ../../src/decode.c:2440.
Memory Corruption
A null pointer deference issue exists in GNU LibreDWG 0.10 via get_bmp
CVE-2020-21834
6.5 - Medium
- May 17, 2021
A null pointer deference issue exists in GNU LibreDWG 0.10 via get_bmp ../../programs/dwgbmp.c:164.
Memory Corruption
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_preview
CVE-2020-21836
8.8 - High
- May 17, 2021
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_preview ../../src/decode.c:3175.
Memory Corruption
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read_2004_section_appinfo
CVE-2020-21838
8.8 - High
- May 17, 2021
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read_2004_section_appinfo ../../src/decode.c:2842.
Memory Corruption
A null pointer deference issue exists in GNU LibreDWG 0.10 via read_2004_compressed_section
CVE-2020-21835
6.5 - Medium
- May 17, 2021
A null pointer deference issue exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2337.
NULL Pointer Dereference
An issue was discovered in GNU LibreDWG 0.10
CVE-2020-21839
6.5 - Medium
- May 17, 2021
An issue was discovered in GNU LibreDWG 0.10. Crafted input will lead to an memory leak in dwg_decode_eed ../../src/decode.c:3638.
Memory Leak
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_read_B
CVE-2020-21841
8.8 - High
- May 17, 2021
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_read_B ../../src/bits.c:135.
Memory Corruption
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_search_sentinel
CVE-2020-21840
8.8 - High
- May 17, 2021
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_search_sentinel ../../src/bits.c:1985.
Memory Corruption
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section
CVE-2020-21827
7.8 - High
- May 17, 2021
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2379.
Memory Corruption
A null pointer deference issue exists in GNU LibreDWG 0.10.2641 via output_TEXT
CVE-2020-21815
6.5 - Medium
- May 17, 2021
A null pointer deference issue exists in GNU LibreDWG 0.10.2641 via output_TEXT ../../programs/dwg2SVG.c:114, which causes a denial of service (application crash).
NULL Pointer Dereference
A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlwescape
CVE-2020-21814
8.8 - High
- May 17, 2021
A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlwescape ../../programs/escape.c:97.
Memory Corruption
A heab based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlescape
CVE-2020-21816
8.8 - High
- May 17, 2021
A heab based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:46.
Memory Corruption
A null pointer dereference issue exists in GNU LibreDWG 0.10.2641 via htmlescape
CVE-2020-21817
6.5 - Medium
- May 17, 2021
A null pointer dereference issue exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:29. which causes a denial of service (application crash).
NULL Pointer Dereference
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641 via htmlescape
CVE-2020-21818
8.8 - High
- May 17, 2021
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:48.
Memory Corruption
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for GNU Libredwg or by GNU? Click the Watch button to subscribe.
