GNU LibreDWG 0.9.2

CPE Details

GNU LibreDWG 0.9.2
gnu
libredwg
0.9.2
2020-05-29
16h06 +00:00
2020-05-29
16h06 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:gnu:libredwg:0.9.2:*:*:*:*:*:*:*

Informations

Vendor

gnu

Product

libredwg

Version

0.9.2

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-26157 2024-01-02 05h00 +00:00 Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c.
7.5
High
CVE-2022-35164 2022-08-18 02h49 +00:00 LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a heap use-after-free via bit_copy_chain.
9.8
Critical
CVE-2021-42586 2022-05-23 08h39 +00:00 A heap buffer overflow was discovered in copy_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.
8.8
High
CVE-2021-42585 2022-05-23 08h35 +00:00 A heap buffer overflow was discovered in copy_compressed_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.
8.8
High
CVE-2021-39525 2021-09-20 13h28 +00:00 An issue was discovered in libredwg through v0.10.1.3751. bit_read_fixed() in bits.c has a heap-based buffer overflow.
8.8
High
CVE-2021-39523 2021-09-20 13h26 +00:00 An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function check_POLYLINE_handles() located in decode.c. It allows an attacker to cause Denial of Service.
6.5
Medium
CVE-2021-39527 2021-09-20 13h26 +00:00 An issue was discovered in libredwg through v0.10.1.3751. appinfo_private() in decode.c has a heap-based buffer overflow.
8.8
High
CVE-2021-39528 2021-09-20 13h26 +00:00 An issue was discovered in libredwg through v0.10.1.3751. dwg_free_MATERIAL_private() in dwg.spec has a double free.
8.8
High
CVE-2021-39530 2021-09-20 13h26 +00:00 An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2nlen() in bits.c has a heap-based buffer overflow.
8.8
High
CVE-2021-39521 2021-09-20 13h26 +00:00 An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function bit_read_BB() located in bits.c. It allows an attacker to cause Denial of Service.
6.5
Medium
CVE-2021-39522 2021-09-20 13h26 +00:00 An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2len() in bits.c has a heap-based buffer overflow.
8.8
High
CVE-2020-15807 2020-07-17 13h35 +00:00 GNU LibreDWG before 0.11 allows NULL pointer dereferences via crafted input files.
6.5
Medium
CVE-2019-20909 2020-07-16 15h46 +00:00 An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_LWPOLYLINE in dwg.spec.
7.5
High
CVE-2019-20910 2020-07-16 15h46 +00:00 An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in decode_R13_R2000 in decode.c, a different vulnerability than CVE-2019-20011.
8.1
High
CVE-2019-20911 2020-07-16 15h46 +00:00 An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to denial of service in bit_calc_CRC in bits.c, related to a for loop.
6.5
Medium
CVE-2019-20912 2020-07-16 15h46 +00:00 An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a stack overflow in bits.c, possibly related to bit_read_TF.
8.8
High
CVE-2019-20913 2020-07-16 15h46 +00:00 An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in dwg_encode_entity in common_entity_data.spec.
8.1
High
CVE-2019-20914 2020-07-16 15h46 +00:00 An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_common_entity_handle_data in common_entity_handle_data.spec.
9.8
Critical
CVE-2019-20915 2020-07-16 15h46 +00:00 An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in bit_write_TF in bits.c.
8.1
High
CVE-2019-20009 2019-12-26 23h15 +00:00 An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_SPLINE_private in dwg.spec.
6.5
Medium
CVE-2019-20011 2019-12-26 23h15 +00:00 An issue was discovered in GNU LibreDWG 0.92. There is a heap-based buffer over-read in decode_R13_R2000 in decode.c.
8.8
High
CVE-2019-20012 2019-12-26 23h15 +00:00 An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_HATCH_private in dwg.spec.
6.5
Medium
CVE-2019-20013 2019-12-26 23h14 +00:00 An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in decode_3dsolid in dwg.spec.
6.5
Medium
CVE-2019-20014 2019-12-26 23h14 +00:00 An issue was discovered in GNU LibreDWG before 0.93. There is a double-free in dwg_free in free.c.
8.8
High
CVE-2019-20015 2019-12-26 23h14 +00:00 An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_LWPOLYLINE_private in dwg.spec.
6.5
Medium
CVE-2019-20010 2019-12-26 23h14 +00:00 An issue was discovered in GNU LibreDWG 0.92. There is a use-after-free in resolve_objectref_vector in decode.c.
8.8
High