GNU Libredwg

By the Year

In 2024 there has been 1 vulnerability in GNU Libredwg, with an average score of 7.5 out of ten. Last year Libredwg had 5 security vulnerabilities published. Right now, Libredwg is on track to have fewer security vulnerabilities in 2024 than it did last year. Last year, the average CVE base score was greater by 1.30.

Year Vulnerabilities Average Score
2024 1 7.50
2023 5 8.80
2022 13 7.98
2021 33 8.14
2020 15 7.73
2019 13 7.69
2018 3 6.50

It may take a day or so for new Libredwg vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent GNU Libredwg Security Vulnerabilities

Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c.

CVE-2023-26157 7.5 - High - January 02, 2024

Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c.

Out-of-bounds Read

LibreDWG v0.12.5 was discovered to contain a heap buffer overflow

CVE-2023-36271 8.8 - High - June 23, 2023

LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c.

Memory Corruption

LibreDWG v0.12.5 was discovered to contain a heap buffer overflow

CVE-2023-36272 8.8 - High - June 23, 2023

LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_utf8_to_TU at bits.c.

Memory Corruption

LibreDWG v0.12.5 was discovered to contain a heap buffer overflow

CVE-2023-36273 8.8 - High - June 23, 2023

LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c.

Memory Corruption

LibreDWG v0.12.5 was discovered to contain a heap buffer overflow

CVE-2023-36274 8.8 - High - June 23, 2023

LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c.

Memory Corruption

A heap-based buffer overflow vulnerability exists in GNU LibreDWG v0.12.5

CVE-2023-25222 8.8 - High - March 01, 2023

A heap-based buffer overflow vulnerability exists in GNU LibreDWG v0.12.5 via the bit_read_RC function at bits.c.

Memory Corruption

LibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow

CVE-2022-45332 7.8 - High - November 30, 2022

LibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow via the function decode_preR13_section_hdr at decode_r11.c.

Memory Corruption

LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a heap use-after-free

CVE-2022-35164 9.8 - Critical - August 18, 2022

LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a heap use-after-free via bit_copy_chain.

Dangling pointer

There is an Assertion `int decode_preR13_entities(BITCODE_RL

CVE-2022-33024 7.5 - High - June 23, 2022

There is an Assertion `int decode_preR13_entities(BITCODE_RL, BITCODE_RL, unsigned int, BITCODE_RL, BITCODE_RL, Bit_Chain *, Dwg_Data *' failed at dwg2dxf: decode.c:5801 in libredwg v0.12.4.4608.

assertion failure

LibreDWG v0.12.4.4608 was discovered to contain a stack overflow

CVE-2022-33034 7.8 - High - June 23, 2022

LibreDWG v0.12.4.4608 was discovered to contain a stack overflow via the function copy_bytes at decode_r2007.c.

Memory Corruption

LibreDWG v0.12.4.4608 was discovered to contain a double-free

CVE-2022-33033 7.8 - High - June 23, 2022

LibreDWG v0.12.4.4608 was discovered to contain a double-free via the function dwg_read_file at dwg.c.

Double-free

LibreDWG v0.12.4.4608 was discovered to contain a heap-buffer-overflow

CVE-2022-33032 7.8 - High - June 23, 2022

LibreDWG v0.12.4.4608 was discovered to contain a heap-buffer-overflow via the function decode_preR13_section_hdr at decode_r11.c.

Memory Corruption

LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow

CVE-2022-33028 7.8 - High - June 23, 2022

LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function dwg_add_object at decode.c.

Memory Corruption

LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free

CVE-2022-33027 7.8 - High - June 23, 2022

LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function dwg_add_handleref at dwg.c.

Dangling pointer

LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow

CVE-2022-33026 7.8 - High - June 23, 2022

LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c.

Memory Corruption

LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free

CVE-2022-33025 7.8 - High - June 23, 2022

LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function decode_preR13_section at decode_r11.c.

Dangling pointer

A heap buffer overflow was discovered in copy_compressed_bytes in decode_r2007.c in dwgread before 0.12.4

CVE-2021-42585 8.8 - High - May 23, 2022

A heap buffer overflow was discovered in copy_compressed_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.

Memory Corruption

A heap buffer overflow was discovered in copy_bytes in decode_r2007.c in dwgread before 0.12.4

CVE-2021-42586 8.8 - High - May 23, 2022

A heap buffer overflow was discovered in copy_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.

Memory Corruption

LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in dwg_free_BLOCK_private (called

CVE-2021-45950 6.5 - Medium - January 01, 2022

LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in dwg_free_BLOCK_private (called from dwg_free_BLOCK and dwg_free_object).

Memory Corruption

LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference

CVE-2021-28236 7.5 - High - December 02, 2021

LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference via out_dxfb.c.

NULL Pointer Dereference

LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow

CVE-2021-28237 9.8 - Critical - December 02, 2021

LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13.

Memory Corruption

An issue was discovered in libredwg through v0.10.1.3751

CVE-2021-39530 8.8 - High - September 20, 2021

An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2nlen() in bits.c has a heap-based buffer overflow.

Memory Corruption

An issue was discovered in libredwg through v0.10.1.3751

CVE-2021-39528 8.8 - High - September 20, 2021

An issue was discovered in libredwg through v0.10.1.3751. dwg_free_MATERIAL_private() in dwg.spec has a double free.

Double-free

An issue was discovered in libredwg through v0.10.1.3751

CVE-2021-39527 8.8 - High - September 20, 2021

An issue was discovered in libredwg through v0.10.1.3751. appinfo_private() in decode.c has a heap-based buffer overflow.

Memory Corruption

An issue was discovered in libredwg through v0.10.1.3751

CVE-2021-39525 8.8 - High - September 20, 2021

An issue was discovered in libredwg through v0.10.1.3751. bit_read_fixed() in bits.c has a heap-based buffer overflow.

Memory Corruption

An issue was discovered in libredwg through v0.10.1.3751

CVE-2021-39523 6.5 - Medium - September 20, 2021

An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function check_POLYLINE_handles() located in decode.c. It allows an attacker to cause Denial of Service.

NULL Pointer Dereference

An issue was discovered in libredwg through v0.10.1.3751

CVE-2021-39522 8.8 - High - September 20, 2021

An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2len() in bits.c has a heap-based buffer overflow.

Memory Corruption

An issue was discovered in libredwg through v0.10.1.3751

CVE-2021-39521 6.5 - Medium - September 20, 2021

An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function bit_read_BB() located in bits.c. It allows an attacker to cause Denial of Service.

NULL Pointer Dereference

GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_chain_free (called

CVE-2021-36080 8.8 - High - July 01, 2021

GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_chain_free (called from dwg_encode_MTEXT and dwg_encode_add_object).

Double-free

A heap-based buffer overflow vulnerability exists in LibreDWG 0.10.1

CVE-2020-23861 5.5 - Medium - May 18, 2021

A heap-based buffer overflow vulnerability exists in LibreDWG 0.10.1 via the read_system_page function at libredwg-0.10.1/src/decode_r2007.c:666:5, which causes a denial of service by submitting a dwg file.

Memory Corruption

GNU LibreDWG 0.10 is affected by: memcpy-param-overlap

CVE-2020-21844 8.8 - High - May 17, 2021

GNU LibreDWG 0.10 is affected by: memcpy-param-overlap. The impact is: execute arbitrary code (remote). The component is: read_2004_section_header ../../src/decode.c:2580.

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via bit_read_RC

CVE-2020-21843 8.8 - High - May 17, 2021

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via bit_read_RC ../../src/bits.c:318.

Memory Corruption

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_revhistory

CVE-2020-21842 8.8 - High - May 17, 2021

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_revhistory ../../src/decode.c:3051.

Memory Corruption

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_handles

CVE-2020-21831 8.8 - High - May 17, 2021

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_handles ../../src/decode.c:2637.

Memory Corruption

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section

CVE-2020-21832 8.8 - High - May 17, 2021

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2417.

Memory Corruption

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via bit_calc_CRC

CVE-2020-21830 8.8 - High - May 17, 2021

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via bit_calc_CRC ../../src/bits.c:2213.

Memory Corruption

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via: read_2004_section_classes

CVE-2020-21833 8.8 - High - May 17, 2021

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via: read_2004_section_classes ../../src/decode.c:2440.

Memory Corruption

A null pointer dereference issue exists in GNU LibreDWG 0.10 via get_bmp

CVE-2020-21834 6.5 - Medium - May 17, 2021

A null pointer dereference issue exists in GNU LibreDWG 0.10 via get_bmp ../../programs/dwgbmp.c:164.

Memory Corruption

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_preview

CVE-2020-21836 8.8 - High - May 17, 2021

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_preview ../../src/decode.c:3175.

Memory Corruption

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via: read_2004_section_appinfo

CVE-2020-21838 8.8 - High - May 17, 2021

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via: read_2004_section_appinfo ../../src/decode.c:2842.

Memory Corruption

A null pointer dereference issue exists in GNU LibreDWG 0.10 via read_2004_compressed_section

CVE-2020-21835 6.5 - Medium - May 17, 2021

A null pointer dereference issue exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2337.

NULL Pointer Dereference

An issue was discovered in GNU LibreDWG 0.10

CVE-2020-21839 6.5 - Medium - May 17, 2021

An issue was discovered in GNU LibreDWG 0.10. Crafted input will lead to a memory leak in dwg_decode_eed ../../src/decode.c:3638.

Memory Leak

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via bit_read_B

CVE-2020-21841 8.8 - High - May 17, 2021

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via bit_read_B ../../src/bits.c:135.

Memory Corruption

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via bit_search_sentinel

CVE-2020-21840 8.8 - High - May 17, 2021

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via bit_search_sentinel ../../src/bits.c:1985.

Memory Corruption

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section

CVE-2020-21827 7.8 - High - May 17, 2021

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2379.

Memory Corruption

A null pointer dereference issue exists in GNU LibreDWG 0.10.2641 via output_TEXT

CVE-2020-21815 6.5 - Medium - May 17, 2021

A null pointer dereference issue exists in GNU LibreDWG 0.10.2641 via output_TEXT ../../programs/dwg2SVG.c:114, which causes a denial of service (application crash).

NULL Pointer Dereference

A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlwescape

CVE-2020-21814 8.8 - High - May 17, 2021

A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlwescape ../../programs/escape.c:97.

Memory Corruption

A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlescape

CVE-2020-21816 8.8 - High - May 17, 2021

A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:46.

Memory Corruption

A null pointer dereference issue exists in GNU LibreDWG 0.10.2641 via htmlescape

CVE-2020-21817 6.5 - Medium - May 17, 2021

A null pointer dereference issue exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:29, which causes a denial of service (application crash).

NULL Pointer Dereference

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641 via htmlescape

CVE-2020-21818 8.8 - High - May 17, 2021

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:48.

Memory Corruption

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641 via htmlescape

CVE-2020-21819 8.8 - High - May 17, 2021

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:51.

Memory Corruption

A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via output_TEXT

CVE-2020-21813 7.8 - High - May 17, 2021

A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via output_TEXT ../../programs/dwg2SVG.c:114.

Memory Corruption

GNU LibreDWG before 0.11

CVE-2020-15807 6.5 - Medium - July 17, 2020

GNU LibreDWG before 0.11 allows NULL pointer dereferences via crafted input files.

NULL Pointer Dereference

An issue was discovered in GNU LibreDWG through 0.9.3

CVE-2019-20909 7.5 - High - July 16, 2020

An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_LWPOLYLINE in dwg.spec.

NULL Pointer Dereference

An issue was discovered in GNU LibreDWG through 0.9.3

CVE-2019-20910 8.1 - High - July 16, 2020

An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in decode_R13_R2000 in decode.c, a different vulnerability than CVE-2019-20011.

Out-of-bounds Read

An issue was discovered in GNU LibreDWG through 0.9.3

CVE-2019-20911 6.5 - Medium - July 16, 2020

An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to denial of service in bit_calc_CRC in bits.c, related to a for loop.

Infinite Loop

An issue was discovered in GNU LibreDWG through 0.9.3

CVE-2019-20912 8.8 - High - July 16, 2020

An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a stack overflow in bits.c, possibly related to bit_read_TF.

Memory Corruption

An issue was discovered in GNU LibreDWG through 0.9.3

CVE-2019-20914 9.8 - Critical - July 16, 2020

An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_common_entity_handle_data in common_entity_handle_data.spec.

NULL Pointer Dereference

An issue was discovered in GNU LibreDWG through 0.9.3

CVE-2019-20915 8.1 - High - July 16, 2020

An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in bit_write_TF in bits.c.

Out-of-bounds Read

An issue was discovered in GNU LibreDWG through 0.9.3

CVE-2019-20913 8.1 - High - July 16, 2020

An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in dwg_encode_entity in common_entity_data.spec.

Out-of-bounds Read

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c.

CVE-2020-6612 8.1 - High - January 08, 2020

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c.

Out-of-bounds Read

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c.

CVE-2020-6609 8.8 - High - January 08, 2020

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c.

Out-of-bounds Read

GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c.

CVE-2020-6610 6.5 - Medium - January 08, 2020

GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c.

Allocation of Resources Without Limits or Throttling

GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c.

CVE-2020-6611 6.5 - Medium - January 08, 2020

GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c.

NULL Pointer Dereference

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c.

CVE-2020-6613 8.1 - High - January 08, 2020

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c.

Out-of-bounds Read

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c.

CVE-2020-6614 8.1 - High - January 08, 2020

GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c.

Out-of-bounds Read

GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl).

CVE-2020-6615 6.5 - Medium - January 08, 2020

GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl).

NULL Pointer Dereference

An issue was discovered in GNU LibreDWG before 0.93

CVE-2019-20009 6.5 - Medium - December 27, 2019

An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_SPLINE_private in dwg.spec.

Allocation of Resources Without Limits or Throttling

An issue was discovered in GNU LibreDWG before 0.93

CVE-2019-20013 6.5 - Medium - December 27, 2019

An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in decode_3dsolid in dwg.spec.

Allocation of Resources Without Limits or Throttling

An issue was discovered in GNU LibreDWG before 0.93

CVE-2019-20014 8.8 - High - December 27, 2019

An issue was discovered in GNU LibreDWG before 0.93. There is a double-free in dwg_free in free.c.

Double-free

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645

CVE-2019-9770 7.5 - High - March 14, 2019

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the y dimension.

Memory Corruption

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645

CVE-2019-9779 7.5 - High - March 14, 2019

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (earlier than CVE-2019-9776).

NULL Pointer Dereference

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645

CVE-2019-9778 7.5 - High - March 14, 2019

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dwg_dxf_LTYPE at dwg.spec.

Out-of-bounds Read

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645

CVE-2019-9777 7.5 - High - March 14, 2019

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dxf_header_write at header_variables_dxf.spec.

Out-of-bounds Read

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645

CVE-2019-9776 7.5 - High - March 14, 2019

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (later than CVE-2019-9779).

NULL Pointer Dereference

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645

CVE-2019-9775 9.1 - Critical - March 14, 2019

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function dwg_dxf_BLOCK_CONTROL at dwg.spec.

Out-of-bounds Read

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645

CVE-2019-9774 9.1 - Critical - March 14, 2019

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function bit_read_B at bits.c.

Out-of-bounds Read

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645

CVE-2019-9773 7.5 - High - March 14, 2019

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the z dimension.

Memory Corruption

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645

CVE-2019-9772 7.5 - High - March 14, 2019

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LEADER at dwg.spec.

NULL Pointer Dereference

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645

CVE-2019-9771 7.5 - High - March 14, 2019

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function bit_convert_TU at bits.c.

NULL Pointer Dereference

dwg_decode_eed in decode.c in GNU LibreDWG before 0.6 leads to a double free (in dwg_free_eed in free.c)

CVE-2018-14524 6.5 - Medium - July 23, 2018

dwg_decode_eed in decode.c in GNU LibreDWG before 0.6 leads to a double free (in dwg_free_eed in free.c) because it does not properly manage the obj->eed value after a free occurs.

Double-free

dwg_obj_block_control_get_block_headers in dwg_api.c in GNU LibreDWG 0.5.1048

CVE-2018-14471 6.5 - Medium - July 20, 2018

dwg_obj_block_control_get_block_headers in dwg_api.c in GNU LibreDWG 0.5.1048 allows remote attackers to cause a denial of service (NULL pointer dereference and SEGV) via a crafted dwg file.

NULL Pointer Dereference

get_first_owned_object in dwg.c in GNU LibreDWG 0.5.1036

CVE-2018-14443 6.5 - Medium - July 20, 2018

get_first_owned_object in dwg.c in GNU LibreDWG 0.5.1036 allows remote attackers to cause a denial of service (SEGV).

Buffer Overflow
