rpm package
opensuse/libredwg&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/libredwg&distro=openSUSE%20Tumbleweed
Vulnerabilities (30)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-9777 | — | < 0.11.1-1.6 | 0.11.1-1.6 | Mar 14, 2019 | An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dxf_header_write at header_variables_dxf.spec. | ||
| CVE-2019-9776 | — | < 0.11.1-1.6 | 0.11.1-1.6 | Mar 14, 2019 | An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (later than CVE-2019-9779). | ||
| CVE-2019-9775 | — | < 0.11.1-1.6 | 0.11.1-1.6 | Mar 14, 2019 | An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function dwg_dxf_BLOCK_CONTROL at dwg.spec. | ||
| CVE-2019-9774 | — | < 0.11.1-1.6 | 0.11.1-1.6 | Mar 14, 2019 | An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function bit_read_B at bits.c. | ||
| CVE-2019-9773 | — | < 0.11.1-1.6 | 0.11.1-1.6 | Mar 14, 2019 | An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the z dimension. | ||
| CVE-2019-9772 | — | < 0.11.1-1.6 | 0.11.1-1.6 | Mar 14, 2019 | An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LEADER at dwg.spec. | ||
| CVE-2019-9771 | — | < 0.11.1-1.6 | 0.11.1-1.6 | Mar 14, 2019 | An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function bit_convert_TU at bits.c. | ||
| CVE-2019-9770 | — | < 0.11.1-1.6 | 0.11.1-1.6 | Mar 14, 2019 | An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the y dimension. | ||
| CVE-2018-14524 | Med | 6.5 | < 0.11.1-1.6 | 0.11.1-1.6 | Jul 23, 2018 | dwg_decode_eed in decode.c in GNU LibreDWG before 0.6 leads to a double free (in dwg_free_eed in free.c) because it does not properly manage the obj->eed value after a free occurs. | |
| CVE-2018-14471 | Med | 6.5 | < 0.11.1-1.6 | 0.11.1-1.6 | Jul 20, 2018 | dwg_obj_block_control_get_block_headers in dwg_api.c in GNU LibreDWG 0.5.1048 allows remote attackers to cause a denial of service (NULL pointer dereference and SEGV) via a crafted dwg file. |
- CVE-2019-9777Mar 14, 2019affected < 0.11.1-1.6fixed 0.11.1-1.6
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dxf_header_write at header_variables_dxf.spec.
- CVE-2019-9776Mar 14, 2019affected < 0.11.1-1.6fixed 0.11.1-1.6
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (later than CVE-2019-9779).
- CVE-2019-9775Mar 14, 2019affected < 0.11.1-1.6fixed 0.11.1-1.6
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function dwg_dxf_BLOCK_CONTROL at dwg.spec.
- CVE-2019-9774Mar 14, 2019affected < 0.11.1-1.6fixed 0.11.1-1.6
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function bit_read_B at bits.c.
- CVE-2019-9773Mar 14, 2019affected < 0.11.1-1.6fixed 0.11.1-1.6
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the z dimension.
- CVE-2019-9772Mar 14, 2019affected < 0.11.1-1.6fixed 0.11.1-1.6
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LEADER at dwg.spec.
- CVE-2019-9771Mar 14, 2019affected < 0.11.1-1.6fixed 0.11.1-1.6
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function bit_convert_TU at bits.c.
- CVE-2019-9770Mar 14, 2019affected < 0.11.1-1.6fixed 0.11.1-1.6
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the y dimension.
- affected < 0.11.1-1.6fixed 0.11.1-1.6
dwg_decode_eed in decode.c in GNU LibreDWG before 0.6 leads to a double free (in dwg_free_eed in free.c) because it does not properly manage the obj->eed value after a free occurs.
- affected < 0.11.1-1.6fixed 0.11.1-1.6
dwg_obj_block_control_get_block_headers in dwg_api.c in GNU LibreDWG 0.5.1048 allows remote attackers to cause a denial of service (NULL pointer dereference and SEGV) via a crafted dwg file.
Page 2 of 2