VYPR

Libredwg

by LibreDWG

CVEs (60)

  • CVE-2020-15807 | Med | Jul 17, 2020
    risk 0.42 | cvss 6.5 | epss 0.01

    GNU LibreDWG before 0.11 allows NULL pointer dereferences via crafted input files.

  • CVE-2020-6615 | Med | Jan 8, 2020
    risk 0.42 | cvss 6.5 | epss 0.02

    GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl).

  • CVE-2020-6610 | Med | Jan 8, 2020
    risk 0.42 | cvss 6.5 | epss 0.01

    GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c.

  • CVE-2019-20013 | Med | Dec 27, 2019
    risk 0.42 | cvss 6.5 | epss 0.01

    An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in decode_3dsolid in dwg.spec.

  • CVE-2026-9605 | Hig | May 27, 2026
    risk 0.40 | cvss 7.3 | epss 0.00

    A flaw has been found in GNU libredwg up to 0.13.4.8160. This issue affects the function bit_read_RC of the file bits.c of the component Dwgbmp Utility. This manipulation causes heap-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been…

  • CVE-2020-23861 | Med | May 18, 2021
    risk 0.36 | cvss 5.5 | epss 0.01

    A heap-based buffer overflow vulnerability exists in LibreDWG 0.10.1 via the read_system_page function at libredwg-0.10.1/src/decode_r2007.c:666:5, which causes a denial of service by submitting a dwg file.

  • CVE-2018-14471 | Med | Jul 20, 2018
    risk 0.35 | cvss 6.5 | epss 0.01

    dwg_obj_block_control_get_block_headers in dwg_api.c in GNU LibreDWG 0.5.1048 allows remote attackers to cause a denial of service (NULL pointer dereference and SEGV) via a crafted dwg file.

  • CVE-2018-14443 | Med | Jul 20, 2018
    risk 0.35 | cvss 6.5 | epss 0.01

    get_first_owned_object in dwg.c in GNU LibreDWG 0.5.1036 allows remote attackers to cause a denial of service (SEGV).

  • CVE-2026-9500 | Med | May 25, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    A vulnerability was found in GNU LibreDWG up to 0.14. The affected element is the function read_2004_compressed_section of the file src/decode.c of the component Dwgread Utility. Performing a manipulation results in heap-based buffer overflow. The attack is only possible with…

  • CVE-2026-9502 | Med | May 25, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    A vulnerability was identified in GNU LibreDWG up to 0.14. This affects the function decompress_R2004_section of the file src/decode.c of the component Dwgread Utility. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is…

  • CVE-2026-9529 | Low | May 26, 2026
    risk 0.21 | cvss 3.3 | epss 0.00

    A security flaw has been discovered in GNU LibreDWG up to 0.14. The affected element is the function match_BLOCK_HEADER of the file dwggrep.c of the component Dwggrep Utility. Performing a manipulation results in null pointer dereference. The attack requires a local approach.…

  • CVE-2026-9530 | Low | May 26, 2026
    risk 0.14 | cvss 3.3 | epss 0.00

    A weakness has been identified in GNU LibreDWG up to 0.14. The impacted element is the function read_2004_compressed_section of the file src/decode.c of the component Dwgbmp Utility. Executing a manipulation can lead to out-of-bounds read. The attack requires local access. The…

  • CVE-2026-9504 | Low | May 25, 2026
    risk 0.14 | cvss 3.3 | epss 0.00

    A weakness has been identified in GNU LibreDWG up to 0.14. Affected is the function bit_convert_TU of the file programs/dwggrep.c of the component Dwggrep Utility. This manipulation causes out-of-bounds read. The attack needs to be launched locally. The exploit has been made…

  • CVE-2026-9503 | Low | May 25, 2026
    risk 0.14 | cvss 3.3 | epss 0.00

    A security flaw has been discovered in GNU LibreDWG up to 0.14. This impacts the function dwg_next_entity of the file src/decode.c of the component DWG File Handler. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The…

  • CVE-2026-9501 | Low | May 25, 2026
    risk 0.14 | cvss 3.3 | epss 0.00

    A vulnerability was determined in GNU LibreDWG up to 0.14. The impacted element is the function decompress_R2004_section of the file src/decode.c of the component Dwgread Utility. Executing a manipulation can lead to reachable assertion. The attack is restricted to local…

  • CVE-2023-26157 | Med | Jan 2, 2024
    risk 0.00 | cvss 5.5 | epss 0.01

    Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c.

  • CVE-2023-36274 | Hig | Jun 23, 2023
    risk 0.00 | cvss 8.8 | epss 0.01

    LibreDWG v0.11 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c.

  • CVE-2023-36272 | Hig | Jun 23, 2023
    risk 0.00 | cvss 8.8 | epss 0.01

    LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_utf8_to_TU at bits.c.

  • CVE-2023-36271 | Hig | Jun 23, 2023
    risk 0.00 | cvss 8.8 | epss 0.01

    LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c.

  • CVE-2021-36080 | Hig | Jul 1, 2021
    risk 0.00 | cvss 8.8 | epss 0.01

    GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_chain_free (called from dwg_encode_MTEXT and dwg_encode_add_object).
