GNU LibreDWG 0.9.3.2564

CPE Details

GNU LibreDWG 0.9.3.2564
gnu
libredwg
0.9.3.2564
2020-01-09
15h07 +00:00
2020-01-09
15h07 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:gnu:libredwg:0.9.3.2564:*:*:*:*:*:*:*

Informations

Vendor

gnu

Product

libredwg

Version

0.9.3.2564

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-26157 2024-01-02 05h00 +00:00 Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c.
7.5
High
CVE-2022-35164 2022-08-18 02h49 +00:00 LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a heap use-after-free via bit_copy_chain.
9.8
Critical
CVE-2021-42586 2022-05-23 08h39 +00:00 A heap buffer overflow was discovered in copy_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.
8.8
High
CVE-2021-42585 2022-05-23 08h35 +00:00 A heap buffer overflow was discovered in copy_compressed_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.
8.8
High
CVE-2021-39525 2021-09-20 13h28 +00:00 An issue was discovered in libredwg through v0.10.1.3751. bit_read_fixed() in bits.c has a heap-based buffer overflow.
8.8
High
CVE-2021-39523 2021-09-20 13h26 +00:00 An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function check_POLYLINE_handles() located in decode.c. It allows an attacker to cause Denial of Service.
6.5
Medium
CVE-2021-39527 2021-09-20 13h26 +00:00 An issue was discovered in libredwg through v0.10.1.3751. appinfo_private() in decode.c has a heap-based buffer overflow.
8.8
High
CVE-2021-39528 2021-09-20 13h26 +00:00 An issue was discovered in libredwg through v0.10.1.3751. dwg_free_MATERIAL_private() in dwg.spec has a double free.
8.8
High
CVE-2021-39530 2021-09-20 13h26 +00:00 An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2nlen() in bits.c has a heap-based buffer overflow.
8.8
High
CVE-2021-39521 2021-09-20 13h26 +00:00 An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function bit_read_BB() located in bits.c. It allows an attacker to cause Denial of Service.
6.5
Medium
CVE-2021-39522 2021-09-20 13h26 +00:00 An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2len() in bits.c has a heap-based buffer overflow.
8.8
High
CVE-2020-15807 2020-07-17 13h35 +00:00 GNU LibreDWG before 0.11 allows NULL pointer dereferences via crafted input files.
6.5
Medium
CVE-2020-6609 2020-01-08 19h44 +00:00 GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c.
8.8
High
CVE-2020-6610 2020-01-08 19h43 +00:00 GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c.
6.5
Medium
CVE-2020-6611 2020-01-08 19h43 +00:00 GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c.
6.5
Medium
CVE-2020-6612 2020-01-08 19h43 +00:00 GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c.
8.1
High
CVE-2020-6613 2020-01-08 19h43 +00:00 GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c.
8.1
High
CVE-2020-6614 2020-01-08 19h43 +00:00 GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c.
8.1
High
CVE-2020-6615 2020-01-08 19h43 +00:00 GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl).
6.5
Medium