VYPR

rpm package

opensuse/libredwg&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/libredwg&distro=openSUSE%20Tumbleweed

Vulnerabilities (30)

  • CVE-2026-9605 · High · May 27, 2026
    affected < 0.13.4.8200-1.1 · fixed 0.13.4.8200-1.1

    A flaw has been found in GNU libredwg up to 0.13.4.8160. This issue affects the function bit_read_RC of the file bits.c of the component Dwgbmp Utility. This manipulation causes heap-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been pu

  • CVE-2026-9504 · Low · May 25, 2026
    affected < 0.13.4.8200-1.1 · fixed 0.13.4.8200-1.1

    A weakness has been identified in GNU LibreDWG up to 0.14. Affected is the function bit_convert_TU of the file programs/dwggrep.c of the component Dwggrep Utility. This manipulation causes out-of-bounds read. The attack needs to be launched locally. The exploit has been made avai

  • CVE-2026-9503 · Low · May 25, 2026
    affected < 0.13.4.8200-1.1 · fixed 0.13.4.8200-1.1

    A security flaw has been discovered in GNU LibreDWG up to 0.14. This impacts the function dwg_next_entity of the file src/decode.c of the component DWG File Handler. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The expl

  • CVE-2026-9501 · Low · May 25, 2026
    affected < 0.13.4.8200-1.1 · fixed 0.13.4.8200-1.1

    A vulnerability was determined in GNU LibreDWG up to 0.14. The impacted element is the function decompress_R2004_section of the file src/decode.c of the component Dwgread Utility. Executing a manipulation can lead to reachable assertion. The attack is restricted to local executio

  • CVE-2023-26157 · Jan 2, 2024
    affected < 0.12.5.6924-1.1 · fixed 0.12.5.6924-1.1

    Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c.

  • CVE-2023-36273 · Jun 23, 2023
    affected < 0.12.5.5907-1.1 · fixed 0.12.5.5907-1.1

    LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c.

  • CVE-2023-36271 · Jun 23, 2023
    affected < 0.12.5.5907-1.1 · fixed 0.12.5.5907-1.1

    LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c.

  • CVE-2022-35164 · Aug 18, 2022
    affected < 0.12.5-3.1 · fixed 0.12.5-3.1

    LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a heap use-after-free via bit_copy_chain.

  • CVE-2022-33025 · Jun 22, 2022
    affected < 0.12.5.5907-1.1 · fixed 0.12.5.5907-1.1

    LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function decode_preR13_section at decode_r11.c.

  • CVE-2021-28237 · Dec 2, 2021
    affected < 0.12.5-2.1 · fixed 0.12.5-2.1

    LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13.

  • CVE-2020-6609 · Jan 8, 2020
    affected < 0.11.1-1.6 · fixed 0.11.1-1.6

    GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c.

  • CVE-2020-6611 · Jan 8, 2020
    affected < 0.11.1-1.6 · fixed 0.11.1-1.6

    GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c.

  • CVE-2020-6613 · Jan 8, 2020
    affected < 0.11.1-1.6 · fixed 0.11.1-1.6

    GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c.

  • CVE-2020-6615 · Jan 8, 2020
    affected < 0.11.1-1.6 · fixed 0.11.1-1.6

    GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl).

  • CVE-2019-20009 · Dec 27, 2019
    affected < 0.11.1-1.6 · fixed 0.11.1-1.6

    An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_SPLINE_private in dwg.spec.

  • CVE-2019-20012 · Dec 27, 2019
    affected < 0.11.1-1.6 · fixed 0.11.1-1.6

    An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_HATCH_private in dwg.spec.

  • CVE-2019-20014 · Dec 27, 2019
    affected < 0.11.1-1.6 · fixed 0.11.1-1.6

    An issue was discovered in GNU LibreDWG before 0.93. There is a double-free in dwg_free in free.c.

  • CVE-2019-20010 · Dec 27, 2019
    affected < 0.11.1-1.6 · fixed 0.11.1-1.6

    An issue was discovered in GNU LibreDWG 0.92. There is a use-after-free in resolve_objectref_vector in decode.c.

  • CVE-2019-9779 · Mar 14, 2019
    affected < 0.11.1-1.6 · fixed 0.11.1-1.6

    An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (earlier than CVE-2019-9776).

  • CVE-2019-9778 · Mar 14, 2019
    affected < 0.11.1-1.6 · fixed 0.11.1-1.6

    An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dwg_dxf_LTYPE at dwg.spec.

Page 1 of 2