GNU LibreDWG vulnerabilities

82 known vulnerabilities affecting gnu/libredwg.

Total CVEs: 82
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 56, MEDIUM 21

Vulnerabilities

Page 1 of 5
CVE-2023-26157 | HIGH | CVSS 7.5 | fixed in 0.12.5.6384 | 2024-01-02
[MEDIUM] CWE-400: Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c.
nvd
CVE-2023-36271 | HIGH | CVSS 8.8 | ≥ 0.10, ≤ 0.12.5 | 2023-06-23
[HIGH] CWE-787: LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c.
nvd
CVE-2023-36273 | HIGH | CVSS 8.8 | v0.12.5 | 2023-06-23
[HIGH] CWE-787: LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c.
nvd
CVE-2023-36274 | HIGH | CVSS 8.8 | ≥ 0.11, ≤ 0.12.5 | 2023-06-23
[HIGH] CWE-787: LibreDWG v0.11 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c.
nvd
CVE-2023-36272 | HIGH | CVSS 8.8 | ≥ 0.10, ≤ 0.12.5 | 2023-06-23
[HIGH] CWE-787: LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_utf8_to_TU at bits.c.
nvd
CVE-2023-25222 | HIGH | CVSS 8.8 | v0.12.5 | 2023-03-01
[HIGH] CWE-787: A heap-based buffer overflow vulnerability exists in GNU LibreDWG v0.12.5 via the bit_read_RC function at bits.c.
nvd
CVE-2022-45332 | HIGH | CVSS 7.8 | v0.12.4.4643 | 2022-11-30
[HIGH] CWE-787: LibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow via the function decode_preR13_section_hdr at decode_r11.c.
nvd
CVE-2022-35164 | CRITICAL | CVSS 9.8 | fixed in 0.12.4.4608 | 2022-08-18
[CRITICAL] CWE-416: LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a heap use-after-free via bit_copy_chain.
nvd
CVE-2022-33034 | HIGH | CVSS 7.8 | v0.12.4.4608 | 2022-06-23
[HIGH] CWE-787: LibreDWG v0.12.4.4608 was discovered to contain a stack overflow via the function copy_bytes at decode_r2007.c.
nvd
CVE-2022-33033 | HIGH | CVSS 7.8 | v0.12.4.4608 | 2022-06-23
[HIGH] CWE-415: LibreDWG v0.12.4.4608 was discovered to contain a double-free via the function dwg_read_file at dwg.c.
nvd
CVE-2022-33024 | HIGH | CVSS 7.5 | v0.12.4.4608 | 2022-06-23
[HIGH] CWE-617: There is an Assertion `int decode_preR13_entities(BITCODE_RL, BITCODE_RL, unsigned int, BITCODE_RL, BITCODE_RL, Bit_Chain *, Dwg_Data *' failed at dwg2dxf: decode.c:5801 in libredwg v0.12.4.4608.
nvd
CVE-2021-42585 | HIGH | CVSS 8.8 | fixed in 0.12.4 | 2022-05-23
[HIGH] CWE-787: A heap buffer overflow was discovered in copy_compressed_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.
nvd
CVE-2021-42586 | HIGH | CVSS 8.8 | fixed in 0.12.4 | 2022-05-23
[HIGH] CWE-787: A heap buffer overflow was discovered in copy_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.
nvd
CVE-2021-45950 | MEDIUM | CVSS 6.5 | ≥ 0.12.4.4313, ≤ 0.12.4.4367 | 2022-01-01
[MEDIUM] CWE-787: LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in dwg_free_BLOCK_private (called from dwg_free_BLOCK and dwg_free_object).
nvd
CVE-2021-28237 | CRITICAL | CVSS 9.8 | v0.12.3 | 2021-12-02
[CRITICAL] CWE-787: LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13.
nvd
CVE-2021-28236 | HIGH | CVSS 7.5 | v0.12.3 | 2021-12-02
[HIGH] CWE-476: LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference via out_dxfb.c.
nvd
CVE-2021-39528 | HIGH | CVSS 8.8 | ≤ 0.10.1.3751 | 2021-09-20
[HIGH] CWE-415: An issue was discovered in libredwg through v0.10.1.3751. dwg_free_MATERIAL_private() in dwg.spec has a double free.
nvd
CVE-2021-39530 | HIGH | CVSS 8.8 | ≤ 0.10.1.3751 | 2021-09-20
[HIGH] CWE-787: An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2nlen() in bits.c has a heap-based buffer overflow.
nvd
CVE-2021-39522 | HIGH | CVSS 8.8 | ≤ 0.10.1.3751 | 2021-09-20
[HIGH] CWE-787: An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2len() in bits.c has a heap-based buffer overflow.
nvd
CVE-2021-39525 | HIGH | CVSS 8.8 | ≤ 0.10.1.3751 | 2021-09-20
[HIGH] CWE-787: An issue was discovered in libredwg through v0.10.1.3751. bit_read_fixed() in bits.c has a heap-based buffer overflow.
nvd