CVEdetails.com the ultimate security vulnerability data source

GNU » Libredwg » * * * * : Security Vulnerabilities

CPE Name: cpe:2.3:a:gnu:libredwg:*:*:*:*:*:*:*:*
| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2021-45950 | 787 | | | 2022-01-01 | 2022-01-11 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in dwg_free_BLOCK_private (called from dwg_free_BLOCK and dwg_free_object). |
| 2 | CVE-2021-39530 | 787 | | Overflow | 2021-09-20 | 2021-09-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2nlen() in bits.c has a heap-based buffer overflow. |
| 3 | CVE-2021-39528 | 415 | | | 2021-09-20 | 2021-09-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | An issue was discovered in libredwg through v0.10.1.3751. dwg_free_MATERIAL_private() in dwg.spec has a double free. |
| 4 | CVE-2021-39527 | 787 | | Overflow | 2021-09-20 | 2021-09-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | An issue was discovered in libredwg through v0.10.1.3751. appinfo_private() in decode.c has a heap-based buffer overflow. |
| 5 | CVE-2021-39525 | 787 | | Overflow | 2021-09-20 | 2021-09-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | An issue was discovered in libredwg through v0.10.1.3751. bit_read_fixed() in bits.c has a heap-based buffer overflow. |
| 6 | CVE-2021-39523 | 476 | | DoS | 2021-09-20 | 2021-09-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function check_POLYLINE_handles() located in decode.c. It allows an attacker to cause Denial of Service. |
| 7 | CVE-2021-39522 | 787 | | Overflow | 2021-09-20 | 2021-09-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2len() in bits.c has a heap-based buffer overflow. |
| 8 | CVE-2021-39521 | 476 | | DoS | 2021-09-20 | 2021-09-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function bit_read_BB() located in bits.c. It allows an attacker to cause Denial of Service. |
| 9 | CVE-2021-36080 | 415 | | | 2021-07-01 | 2021-07-08 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_chain_free (called from dwg_encode_MTEXT and dwg_encode_add_object). |
| 10 | CVE-2020-15807 | 476 | | | 2020-07-17 | 2020-07-22 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | GNU LibreDWG before 0.11 allows NULL pointer dereferences via crafted input files. |
| 11 | CVE-2019-20915 | 125 | | | 2020-07-16 | 2020-07-22 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial | An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in bit_write_TF in bits.c. |
| 12 | CVE-2019-20914 | 476 | | | 2020-07-16 | 2020-07-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_common_entity_handle_data in common_entity_handle_data.spec. |
| 13 | CVE-2019-20913 | 125 | | | 2020-07-16 | 2020-07-22 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial | An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in dwg_encode_entity in common_entity_data.spec. |
| 14 | CVE-2019-20912 | 787 | | Overflow | 2020-07-16 | 2020-07-22 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a stack overflow in bits.c, possibly related to bit_read_TF. |
| 15 | CVE-2019-20911 | 835 | | DoS | 2020-07-16 | 2020-07-22 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to denial of service in bit_calc_CRC in bits.c, related to a for loop. |
| 16 | CVE-2019-20910 | 125 | | | 2020-07-16 | 2020-07-22 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial | An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in decode_R13_R2000 in decode.c, a different vulnerability than CVE-2019-20011. |
| 17 | CVE-2019-20909 | 476 | | | 2020-07-16 | 2020-07-22 | 5.0 | None | Remote | Low | Not required | None | None | Partial | An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_LWPOLYLINE in dwg.spec. |
| 18 | CVE-2019-20014 | 415 | | | 2019-12-27 | 2020-05-22 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | An issue was discovered in GNU LibreDWG before 0.93. There is a double-free in dwg_free in free.c. |
| 19 | CVE-2019-20013 | 770 | | | 2019-12-27 | 2020-08-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in decode_3dsolid in dwg.spec. |
| 20 | CVE-2019-20009 | 770 | | | 2019-12-27 | 2020-08-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_SPLINE_private in dwg.spec. |
| 21 | CVE-2018-14524 | 415 | | | 2018-07-23 | 2018-08-20 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | dwg_decode_eed in decode.c in GNU LibreDWG before 0.6 leads to a double free (in dwg_free_eed in free.c) because it does not properly manage the obj->eed value after a free occurs. |
| 22 | CVE-2018-14471 | 476 | | DoS | 2018-07-20 | 2018-08-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | dwg_obj_block_control_get_block_headers in dwg_api.c in GNU LibreDWG 0.5.1048 allows remote attackers to cause a denial of service (NULL pointer dereference and SEGV) via a crafted dwg file. |
| 23 | CVE-2018-14443 | 119 | | DoS Overflow | 2018-07-20 | 2018-08-23 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | get_first_owned_object in dwg.c in GNU LibreDWG 0.5.1036 allows remote attackers to cause a denial of service (SEGV). |
Total number of vulnerabilities : 23   Page : 1 (This Page)