Gnu: >> Libredwg >> 0.10 Security Vulnerabilities
An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2len() in bits.c has a heap-based buffer overflow.
CVSS Score
8.8
EPSS Score
0.004
Published
2021-09-20
An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function check_POLYLINE_handles() located in decode.c. It allows an attacker to cause Denial of Service.
CVSS Score
6.5
EPSS Score
0.002
Published
2021-09-20
An issue was discovered in libredwg through v0.10.1.3751. bit_read_fixed() in bits.c has a heap-based buffer overflow.
CVSS Score
8.8
EPSS Score
0.004
Published
2021-09-20
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_handles ../../src/decode.c:2637.
CVSS Score
8.8
EPSS Score
0.004
Published
2021-05-17
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_revhistory ../../src/decode.c:3051.
CVSS Score
8.8
EPSS Score
0.004
Published
2021-05-17
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_read_RC ../../src/bits.c:318.
CVSS Score
8.8
EPSS Score
0.004
Published
2021-05-17
GNU LibreDWG 0.10 is affected by: memcpy-param-overlap. The impact is: execute arbitrary code (remote). The component is: read_2004_section_header ../../src/decode.c:2580.
CVSS Score
8.8
EPSS Score
0.006
Published
2021-05-17
A heap based buffer overflow vulneraibility exists in GNU LibreDWG 0.10 via bit_calc_CRC ../../src/bits.c:2213.
CVSS Score
8.8
EPSS Score
0.004
Published
2021-05-17
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2417.
CVSS Score
8.8
EPSS Score
0.004
Published
2021-05-17
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read_2004_section_classes ../../src/decode.c:2440.
CVSS Score
8.8
EPSS Score
0.005
Published
2021-05-17