VYPR

Libredwg

by LibreDWG

Source repositories

CVEs (61)

  • CVE-2022-33032HigJun 23, 2022
    risk 0.51cvss 7.8epss 0.01

    LibreDWG v0.12.4.4608 was discovered to contain a heap-buffer-overflow via the function decode_preR13_section_hdr at decode_r11.c.

  • CVE-2022-33028HigJun 23, 2022
    risk 0.51cvss 7.8epss 0.01

    LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function dwg_add_object at decode.c.

  • CVE-2022-33027HigJun 23, 2022
    risk 0.51cvss 7.8epss 0.01

    LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function dwg_add_handleref at dwg.c.

  • CVE-2022-33026HigJun 23, 2022
    risk 0.51cvss 7.8epss 0.01

    LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c.

  • CVE-2022-33025HigJun 23, 2022
    risk 0.51cvss 7.8epss 0.01

    LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function decode_preR13_section at decode_r11.c.

  • CVE-2020-21827HigMay 17, 2021
    risk 0.51cvss 7.8epss 0.01

    A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2379.

  • CVE-2022-33024HigJun 23, 2022
    risk 0.49cvss 7.5epss 0.01

    There is an Assertion `int decode_preR13_entities(BITCODE_RL, BITCODE_RL, unsigned int, BITCODE_RL, BITCODE_RL, Bit_Chain *, Dwg_Data *' failed at dwg2dxf: decode.c:5801 in libredwg v0.12.4.4608.

  • CVE-2021-28236HigDec 2, 2021
    risk 0.49cvss 7.5epss 0.01

    LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference via out_dxfb.c.

  • CVE-2019-9779HigMar 14, 2019
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (earlier than CVE-2019-9776).

  • CVE-2019-9778HigMar 14, 2019
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dwg_dxf_LTYPE at dwg.spec.

  • CVE-2019-9777HigMar 14, 2019
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dxf_header_write at header_variables_dxf.spec.

  • CVE-2019-9776HigMar 14, 2019
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (later than CVE-2019-9779).

  • CVE-2019-9773HigMar 14, 2019
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the z dimension.

  • CVE-2019-9772HigMar 14, 2019
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LEADER at dwg.spec.

  • CVE-2019-9771HigMar 14, 2019
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function bit_convert_TU at bits.c.

  • CVE-2019-9770HigMar 14, 2019
    risk 0.49cvss 7.5epss 0.03

    An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the y dimension.

  • CVE-2019-20913HigJul 16, 2020
    risk 0.46cvss 8.1epss 0.01

    An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in dwg_encode_entity in common_entity_data.spec.

  • CVE-2025-61154MedMar 12, 2026
    risk 0.42cvss 6.5epss 0.00

    Heap buffer overflow vulnerability in LibreDWG versions v0.13.3.7571 up to v0.13.3.7835 allows a crafted DWG file to cause a Denial of Service (DoS) via the function decompress_R2004_section at decode.c.

  • CVE-2021-45950MedJan 1, 2022
    risk 0.42cvss 6.5epss 0.01

    LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in dwg_free_BLOCK_private (called from dwg_free_BLOCK and dwg_free_object).

  • CVE-2021-39523MedSep 20, 2021
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function check_POLYLINE_handles() located in decode.c. It allows an attacker to cause Denial of Service.