Gnu: >> Libredwg Security Vulnerabilities
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the z dimension.
CVSS Score
7.5
EPSS Score
0.028
Published
2019-03-14
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function bit_read_B at bits.c.
CVSS Score
9.1
EPSS Score
0.031
Published
2019-03-14
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function dwg_dxf_BLOCK_CONTROL at dwg.spec.
CVSS Score
9.1
EPSS Score
0.031
Published
2019-03-14
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (later than CVE-2019-9779).
CVSS Score
7.5
EPSS Score
0.024
Published
2019-03-14
dwg_decode_eed in decode.c in GNU LibreDWG before 0.6 leads to a double free (in dwg_free_eed in free.c) because it does not properly manage the obj->eed value after a free occurs.
CVSS Score
6.5
EPSS Score
0.002
Published
2018-07-23
dwg_obj_block_control_get_block_headers in dwg_api.c in GNU LibreDWG 0.5.1048 allows remote attackers to cause a denial of service (NULL pointer dereference and SEGV) via a crafted dwg file.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-07-20
get_first_owned_object in dwg.c in GNU LibreDWG 0.5.1036 allows remote attackers to cause a denial of service (SEGV).
CVSS Score
6.5
EPSS Score
0.004
Published
2018-07-20
Page 9