Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Libredwg
(Gnu)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 87 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-09-20 | CVE-2021-39528 | An issue was discovered in libredwg through v0.10.1.3751. dwg_free_MATERIAL_private() in dwg.spec has a double free. | Libredwg | 8.8 | ||
| 2021-09-20 | CVE-2021-39530 | An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2nlen() in bits.c has a heap-based buffer overflow. | Libredwg | 8.8 | ||
| 2021-12-02 | CVE-2021-28236 | LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference via out_dxfb.c. | Libredwg | 7.5 | ||
| 2021-12-02 | CVE-2021-28237 | LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13. | Libredwg | 9.8 | ||
| 2022-01-01 | CVE-2021-45950 | LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in dwg_free_BLOCK_private (called from dwg_free_BLOCK and dwg_free_object). | Libredwg | 6.5 | ||
| 2022-05-23 | CVE-2021-42585 | A heap buffer overflow was discovered in copy_compressed_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file. | Libredwg | 8.8 | ||
| 2022-05-23 | CVE-2021-42586 | A heap buffer overflow was discovered in copy_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file. | Libredwg | 8.8 | ||
| 2022-06-23 | CVE-2022-33024 | There is an Assertion `int decode_preR13_entities(BITCODE_RL, BITCODE_RL, unsigned int, BITCODE_RL, BITCODE_RL, Bit_Chain *, Dwg_Data *' failed at dwg2dxf: decode.c:5801 in libredwg v0.12.4.4608. | Libredwg | 7.5 | ||
| 2022-06-23 | CVE-2022-33025 | LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function decode_preR13_section at decode_r11.c. | Libredwg | 7.8 | ||
| 2022-06-23 | CVE-2022-33026 | LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c. | Libredwg | 7.8 |