LibreDWG

All CVEs

62 total · sorted by risk
  • CVE-2026-9500 · Med · May 25, 2026
    risk 0.34 · cvss 5.3 · epss 0.00

    A vulnerability was found in GNU LibreDWG up to 0.14. The affected element is the function read_2004_compressed_section of the file src/decode.c of the component Dwgread Utility. Performing a manipulation results in heap-based buffer overflow. The attack is only possible with…

  • CVE-2026-9502 · Med · May 25, 2026
    risk 0.27 · cvss 5.3 · epss 0.00

    A vulnerability was identified in GNU LibreDWG up to 0.14. This affects the function decompress_R2004_section of the file src/decode.c of the component Dwgread Utility. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is…

  • CVE-2026-9529 · Low · May 26, 2026
    risk 0.21 · cvss 3.3 · epss 0.00

    A security flaw has been discovered in GNU LibreDWG up to 0.14. The affected element is the function match_BLOCK_HEADER of the file dwggrep.c of the component Dwggrep Utility. Performing a manipulation results in null pointer dereference. The attack requires a local approach.…

  • CVE-2026-9530 · Low · May 26, 2026
    risk 0.14 · cvss 3.3 · epss 0.00

    A weakness has been identified in GNU LibreDWG up to 0.14. The impacted element is the function read_2004_compressed_section of the file src/decode.c of the component Dwgbmp Utility. Executing a manipulation can lead to out-of-bounds read. The attack requires local access. The…

  • CVE-2026-9504 · Low · May 25, 2026
    risk 0.14 · cvss 3.3 · epss 0.00

    A weakness has been identified in GNU LibreDWG up to 0.14. Affected is the function bit_convert_TU of the file programs/dwggrep.c of the component Dwggrep Utility. This manipulation causes out-of-bounds read. The attack needs to be launched locally. The exploit has been made…

  • CVE-2026-9503 · Low · May 25, 2026
    risk 0.14 · cvss 3.3 · epss 0.00

    A security flaw has been discovered in GNU LibreDWG up to 0.14. This impacts the function dwg_next_entity of the file src/decode.c of the component DWG File Handler. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The…

  • CVE-2026-9501 · Low · May 25, 2026
    risk 0.14 · cvss 3.3 · epss 0.00

    A vulnerability was determined in GNU LibreDWG up to 0.14. The impacted element is the function decompress_R2004_section of the file src/decode.c of the component Dwgread Utility. Executing a manipulation can lead to reachable assertion. The attack is restricted to local…

  • CVE-2023-26157 · Med · Jan 2, 2024
    risk 0.00 · cvss 5.5 · epss 0.01

    Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c.

  • CVE-2023-36274 · High · Jun 23, 2023
    risk 0.00 · cvss 8.8 · epss 0.01

    LibreDWG v0.11 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c.

  • CVE-2023-36272 · High · Jun 23, 2023
    risk 0.00 · cvss 8.8 · epss 0.01

    LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_utf8_to_TU at bits.c.

  • CVE-2023-36271 · High · Jun 23, 2023
    risk 0.00 · cvss 8.8 · epss 0.01

    LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c.

  • CVE-2021-36080 · High · Jul 1, 2021
    risk 0.00 · cvss 8.8 · epss 0.01

    GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_chain_free (called from dwg_encode_MTEXT and dwg_encode_add_object).
