Gnu: >> Libredwg Security Vulnerabilities
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c.
CVSS Score
8.8
EPSS Score
0.006
Published
2020-01-08
GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c.
CVSS Score
6.5
EPSS Score
0.005
Published
2020-01-08
GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c.
CVSS Score
6.5
EPSS Score
0.006
Published
2020-01-08
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c.
CVSS Score
8.1
EPSS Score
0.006
Published
2020-01-08
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c.
CVSS Score
8.1
EPSS Score
0.006
Published
2020-01-08
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c.
CVSS Score
8.1
EPSS Score
0.006
Published
2020-01-08
GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl).
CVSS Score
6.5
EPSS Score
0.007
Published
2020-01-08
An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_SPLINE_private in dwg.spec.
CVSS Score
6.5
EPSS Score
0.006
Published
2019-12-27
An issue was discovered in GNU LibreDWG 0.92. There is a use-after-free in resolve_objectref_vector in decode.c.
CVSS Score
8.8
EPSS Score
0.005
Published
2019-12-27
An issue was discovered in GNU LibreDWG 0.92. There is a heap-based buffer over-read in decode_R13_R2000 in decode.c.
CVSS Score
8.8
EPSS Score
0.005
Published
2019-12-27