rpm package
opensuse/libredwg&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/libredwg&distro=openSUSE%20Tumbleweed
Vulnerabilities (30)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-9605 | High | 7.3 | | < 0.13.4.8200-1.1 | 0.13.4.8200-1.1 | May 27, 2026 | A flaw has been found in GNU libredwg up to 0.13.4.8160. This issue affects the function bit_read_RC of the file bits.c of the component Dwgbmp Utility. This manipulation causes heap-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been pu |
| CVE-2026-9504 | Low | 3.3 | | < 0.13.4.8200-1.1 | 0.13.4.8200-1.1 | May 25, 2026 | A weakness has been identified in GNU LibreDWG up to 0.14. Affected is the function bit_convert_TU of the file programs/dwggrep.c of the component Dwggrep Utility. This manipulation causes out-of-bounds read. The attack needs to be launched locally. The exploit has been made avai |
| CVE-2026-9503 | Low | 3.3 | | < 0.13.4.8200-1.1 | 0.13.4.8200-1.1 | May 25, 2026 | A security flaw has been discovered in GNU LibreDWG up to 0.14. This impacts the function dwg_next_entity of the file src/decode.c of the component DWG File Handler. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The expl |
| CVE-2026-9501 | Low | 3.3 | | < 0.13.4.8200-1.1 | 0.13.4.8200-1.1 | May 25, 2026 | A vulnerability was determined in GNU LibreDWG up to 0.14. The impacted element is the function decompress_R2004_section of the file src/decode.c of the component Dwgread Utility. Executing a manipulation can lead to reachable assertion. The attack is restricted to local executio |
| CVE-2023-26157 | — | | | < 0.12.5.6924-1.1 | 0.12.5.6924-1.1 | Jan 2, 2024 | Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c. |
| CVE-2023-36273 | — | | | < 0.12.5.5907-1.1 | 0.12.5.5907-1.1 | Jun 23, 2023 | LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c. |
| CVE-2023-36271 | — | | | < 0.12.5.5907-1.1 | 0.12.5.5907-1.1 | Jun 23, 2023 | LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c. |
| CVE-2022-35164 | — | | | < 0.12.5-3.1 | 0.12.5-3.1 | Aug 18, 2022 | LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a heap use-after-free via bit_copy_chain. |
| CVE-2022-33025 | — | | | < 0.12.5.5907-1.1 | 0.12.5.5907-1.1 | Jun 22, 2022 | LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function decode_preR13_section at decode_r11.c. |
| CVE-2021-28237 | — | | | < 0.12.5-2.1 | 0.12.5-2.1 | Dec 2, 2021 | LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13. |
| CVE-2020-6609 | — | | | < 0.11.1-1.6 | 0.11.1-1.6 | Jan 8, 2020 | GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c. |
| CVE-2020-6611 | — | | | < 0.11.1-1.6 | 0.11.1-1.6 | Jan 8, 2020 | GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c. |
| CVE-2020-6613 | — | | | < 0.11.1-1.6 | 0.11.1-1.6 | Jan 8, 2020 | GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c. |
| CVE-2020-6615 | — | | | < 0.11.1-1.6 | 0.11.1-1.6 | Jan 8, 2020 | GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl). |
| CVE-2019-20009 | — | | | < 0.11.1-1.6 | 0.11.1-1.6 | Dec 27, 2019 | An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_SPLINE_private in dwg.spec. |
| CVE-2019-20012 | — | | | < 0.11.1-1.6 | 0.11.1-1.6 | Dec 27, 2019 | An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_HATCH_private in dwg.spec. |
| CVE-2019-20014 | — | | | < 0.11.1-1.6 | 0.11.1-1.6 | Dec 27, 2019 | An issue was discovered in GNU LibreDWG before 0.93. There is a double-free in dwg_free in free.c. |
| CVE-2019-20010 | — | | | < 0.11.1-1.6 | 0.11.1-1.6 | Dec 27, 2019 | An issue was discovered in GNU LibreDWG 0.92. There is a use-after-free in resolve_objectref_vector in decode.c. |
| CVE-2019-9779 | — | | | < 0.11.1-1.6 | 0.11.1-1.6 | Mar 14, 2019 | An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (earlier than CVE-2019-9776). |
| CVE-2019-9778 | — | | | < 0.11.1-1.6 | 0.11.1-1.6 | Mar 14, 2019 | An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dwg_dxf_LTYPE at dwg.spec. |
Page 1 of 2