GNU LibreDWG vulnerabilities
82 known vulnerabilities affecting gnu/libredwg.
Total CVEs: 82
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 56, MEDIUM 21
Vulnerabilities
Page 2 of 5
CVE-2021-39527 | HIGH | CVSS 8.8 | CWE-787 | ≤ 0.10.1.3751 | 2021-09-20
An issue was discovered in libredwg through v0.10.1.3751. appinfo_private() in decode.c has a heap-based buffer overflow.
nvd
CVE-2021-39521 | MEDIUM | CVSS 6.5 | CWE-476 | ≤ 0.10.1.3751 | 2021-09-20
An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function bit_read_BB() located in bits.c. It allows an attacker to cause Denial of Service.
nvd
CVE-2021-39523 | MEDIUM | CVSS 6.5 | CWE-476 | ≤ 0.10.1.3751 | 2021-09-20
An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function check_POLYLINE_handles() located in decode.c. It allows an attacker to cause Denial of Service.
nvd
CVE-2021-36080 | HIGH | CVSS 8.8 | CWE-415 | ≥ 0.12.3.4163, ≤ 0.12.3.4191 | 2021-07-01
GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_chain_free (called from dwg_encode_MTEXT and dwg_encode_add_object).
nvd
CVE-2020-23861 | MEDIUM | CVSS 5.5 | CWE-787 | v0.10.1 | 2021-05-18
A heap-based buffer overflow vulnerability exists in LibreDWG 0.10.1 via the read_system_page function at libredwg-0.10.1/src/decode_r2007.c:666:5, which causes a denial of service by submitting a dwg file.
nvd
CVE-2020-21836 | HIGH | CVSS 8.8 | CWE-787 | v0.10 | 2021-05-17
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_preview ../../src/decode.c:3175.
nvd
CVE-2020-21813 | HIGH | CVSS 7.8 | CWE-787 | v0.10.2641 | 2021-05-17
A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via output_TEXT ../../programs/dwg2SVG.c:114.
nvd
CVE-2020-21827 | HIGH | CVSS 7.8 | CWE-787 | v0.10 | 2021-05-17
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2379.
nvd
CVE-2020-21814 | HIGH | CVSS 8.8 | CWE-787 | v0.10.2641 | 2021-05-17
A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlwescape ../../programs/escape.c:97.
nvd
CVE-2020-21838 | HIGH | CVSS 8.8 | CWE-787 | v0.10 | 2021-05-17
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_appinfo ../../src/decode.c:2842.
nvd
CVE-2020-21843 | HIGH | CVSS 8.8 | CWE-787 | v0.10 | 2021-05-17
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via bit_read_RC ../../src/bits.c:318.
nvd
CVE-2020-21830 | HIGH | CVSS 8.8 | CWE-787 | v0.10 | 2021-05-17
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via bit_calc_CRC ../../src/bits.c:2213.
nvd
CVE-2020-21818 | HIGH | CVSS 8.8 | CWE-787 | v0.10.2641 | 2021-05-17
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:48.
nvd
CVE-2020-21833 | HIGH | CVSS 8.8 | CWE-787 | v0.10 | 2021-05-17
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_classes ../../src/decode.c:2440.
nvd
CVE-2020-21832 | HIGH | CVSS 8.8 | CWE-787 | v0.10 | 2021-05-17
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2417.
nvd
CVE-2020-21840 | HIGH | CVSS 8.8 | CWE-787 | v0.10 | 2021-05-17
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via bit_search_sentinel ../../src/bits.c:1985.
nvd
CVE-2020-21844 | HIGH | CVSS 8.8 | v0.10 | 2021-05-17
GNU LibreDWG 0.10 is affected by: memcpy-param-overlap. The impact is: execute arbitrary code (remote). The component is: read_2004_section_header ../../src/decode.c:2580.
nvd
CVE-2020-21841 | HIGH | CVSS 8.8 | CWE-787 | v0.10 | 2021-05-17
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via bit_read_B ../../src/bits.c:135.
nvd
CVE-2020-21831 | HIGH | CVSS 8.8 | CWE-787 | v0.10 | 2021-05-17
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_handles ../../src/decode.c:2637.
nvd
CVE-2020-21819 | HIGH | CVSS 8.8 | CWE-787 | v0.10.2641 | 2021-05-17
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:51.
nvd