VYPR

Libredwg

by LibreDWG

CVEs (61)

  • CVE-2022-35164 | Critical | Aug 18, 2022
    risk 0.64 | cvss 9.8 | epss 0.01

    LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a heap use-after-free via bit_copy_chain.

  • CVE-2021-28237 | Critical | Dec 2, 2021
    risk 0.64 | cvss 9.8 | epss 0.01

    LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13.

  • CVE-2019-9775 | Critical | Mar 14, 2019
    risk 0.59 | cvss 9.1 | epss 0.03

    An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function dwg_dxf_BLOCK_CONTROL at dwg.spec.

  • CVE-2019-9774 | Critical | Mar 14, 2019
    risk 0.59 | cvss 9.1 | epss 0.03

    An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function bit_read_B at bits.c.

  • CVE-2023-36273 | High | Jun 23, 2023
    risk 0.57 | cvss 8.8 | epss 0.01

    LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c.

  • CVE-2021-42586 | High | May 23, 2022
    risk 0.57 | cvss 8.8 | epss 0.01

    A heap buffer overflow was discovered in copy_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.

  • CVE-2021-42585 | High | May 23, 2022
    risk 0.57 | cvss 8.8 | epss 0.01

    A heap buffer overflow was discovered in copy_compressed_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.

  • CVE-2021-39530 | High | Sep 20, 2021
    risk 0.57 | cvss 8.8 | epss 0.01

    An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2nlen() in bits.c has a heap-based buffer overflow.

  • CVE-2021-39528 | High | Sep 20, 2021
    risk 0.57 | cvss 8.8 | epss 0.01

    An issue was discovered in libredwg through v0.10.1.3751. dwg_free_MATERIAL_private() in dwg.spec has a double free.

  • CVE-2021-39527 | High | Sep 20, 2021
    risk 0.57 | cvss 8.8 | epss 0.01

    An issue was discovered in libredwg through v0.10.1.3751. appinfo_private() in decode.c has a heap-based buffer overflow.

  • CVE-2021-39525 | High | Sep 20, 2021
    risk 0.57 | cvss 8.8 | epss 0.01

    An issue was discovered in libredwg through v0.10.1.3751. bit_read_fixed() in bits.c has a heap-based buffer overflow.

  • CVE-2021-39522 | High | Sep 20, 2021
    risk 0.57 | cvss 8.8 | epss 0.01

    An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2len() in bits.c has a heap-based buffer overflow.

  • CVE-2020-21830 | High | May 17, 2021
    risk 0.57 | cvss 8.8 | epss 0.01

    A heap-based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via bit_calc_CRC ../../src/bits.c:2213.

  • CVE-2019-20914 | Critical | Jul 16, 2020
    risk 0.57 | cvss 9.8 | epss 0.02

    An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_common_entity_handle_data in common_entity_handle_data.spec.

  • CVE-2019-20014 | High | Dec 27, 2019
    risk 0.57 | cvss 8.8 | epss 0.01

    An issue was discovered in GNU LibreDWG before 0.93. There is a double-free in dwg_free in free.c.

  • CVE-2019-20010 | High | Dec 27, 2019
    risk 0.57 | cvss 8.8 | epss 0.01

    An issue was discovered in GNU LibreDWG 0.92. There is a use-after-free in resolve_objectref_vector in decode.c.

  • CVE-2020-6613 | High | Jan 8, 2020
    risk 0.53 | cvss 8.1 | epss 0.02

    GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c.

  • CVE-2022-45332 | High | Nov 30, 2022
    risk 0.51 | cvss 7.8 | epss 0.00

    LibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow via the function decode_preR13_section_hdr at decode_r11.c.

  • CVE-2022-33034 | High | Jun 23, 2022
    risk 0.51 | cvss 7.8 | epss 0.01

    LibreDWG v0.12.4.4608 was discovered to contain a stack overflow via the function copy_bytes at decode_r2007.c.

  • CVE-2022-33033 | High | Jun 23, 2022
    risk 0.51 | cvss 7.8 | epss 0.01

    LibreDWG v0.12.4.4608 was discovered to contain a double-free via the function dwg_read_file at dwg.c.

Page 1 of 4