gnu libredwg
87 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2023-26157
< 0.12.5.6384
Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involvi
5.5
MEDIUM
CVE-2023-36274
>= 0.11 and <= 0.12.5
LibreDWG v0.11 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c.
8.8
HIGH
CVE-2023-36273
all versions
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c.
8.8
HIGH
CVE-2023-36272
>= 0.10 and <= 0.12.5
LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_utf8_to_TU at bits.c.
8.8
HIGH
CVE-2023-36271
>= 0.10 and <= 0.12.5
LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c.
8.8
HIGH
CVE-2023-25222
all versions
A heap-based buffer overflow vulnerability exists in GNU LibreDWG v0.12.5 via the bit_read_RC function at bits.c.
8.8
HIGH
CVE-2022-45332
all versions
LibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow via the function decode_preR13_section_hdr at decode_r11.c.
7.8
HIGH
CVE-2022-35164
< 0.12.4.4608
LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a heap use-after-free via bit_copy_chain.
9.8
CRITICAL
CVE-2022-33034
all versions
LibreDWG v0.12.4.4608 was discovered to contain a stack overflow via the function copy_bytes at decode_r2007.c.
7.8
HIGH
CVE-2022-33033
all versions
LibreDWG v0.12.4.4608 was discovered to contain a double-free via the function dwg_read_file at dwg.c.
7.8
HIGH
CVE-2022-33032
all versions
LibreDWG v0.12.4.4608 was discovered to contain a heap-buffer-overflow via the function decode_preR13_section_hdr at decode_r11.c.
7.8
HIGH
CVE-2022-33028
all versions
LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function dwg_add_object at decode.c.
7.8
HIGH
CVE-2022-33027
all versions
LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function dwg_add_handleref at dwg.c.
7.8
HIGH
CVE-2022-33026
all versions
LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c.
7.8
HIGH
CVE-2022-33025
all versions
LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function decode_preR13_section at decode_r11.c.
7.8
HIGH
CVE-2022-33024
all versions
There is an Assertion `int decode_preR13_entities(BITCODE_RL, BITCODE_RL, unsigned int, BITCODE_RL, Bit_Chain *, Dwg_D
7.5
HIGH
CVE-2021-42586
< 0.12.4
A heap buffer overflow was discovered in copy_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.
8.8
HIGH
CVE-2021-42585
< 0.12.4
A heap buffer overflow was discovered in copy_compressed_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.
8.8
HIGH
CVE-2021-45950
>= 0.12.4.4313 and <= 0.12.4.4367
LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in dwg_free_BLOCK_private (called from dwg_free_BLOCK and dwg_
6.5
MEDIUM
CVE-2021-28237
all versions
LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13.
9.8
CRITICAL
CVE-2021-28236
all versions
LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference via out_dxfb.c.
7.5
HIGH
CVE-2021-39530
<= 0.10.1.3751
An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2nlen() in bits.c has a heap-based buffer overflow.
8.8
HIGH
CVE-2021-39528
<= 0.10.1.3751
An issue was discovered in libredwg through v0.10.1.3751. dwg_free_MATERIAL_private() in dwg.spec has a double free.
8.8
HIGH
CVE-2021-39527
<= 0.10.1.3751
An issue was discovered in libredwg through v0.10.1.3751. appinfo_private() in decode.c has a heap-based buffer overflow.
8.8
HIGH
CVE-2021-39525
<= 0.10.1.3751
An issue was discovered in libredwg through v0.10.1.3751. bit_read_fixed() in bits.c has a heap-based buffer overflow.
8.8
HIGH
CVE-2021-39523
<= 0.10.1.3751
An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function check_POLYLINE_handles
6.5
MEDIUM
CVE-2021-39522
<= 0.10.1.3751
An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2len() in bits.c has a heap-based buffer overflow.
8.8
HIGH
CVE-2021-39521
<= 0.10.1.3751
An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function bit_read_BB() located
6.5
MEDIUM
CVE-2021-36080
>= 0.12.3.4163 and <= 0.12.3.4191
GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_chain_free (called from dwg_encode_MTEXT and dwg_encode_add_
8.8
HIGH
CVE-2020-23861
all versions
A heap-based buffer overflow vulnerability exists in LibreDWG 0.10.1 via the read_system_page function at libredwg-0.10.1/src/deco
5.5
MEDIUM
CVE-2020-21844
all versions
GNU LibreDWG 0.10 is affected by: memcpy-param-overlap. The impact is: execute arbitrary code (remote). The component is: read_200
8.8
HIGH
CVE-2020-21843
all versions
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via bit_read_RC ../../src/bits.c:318.
8.8
HIGH
CVE-2020-21842
all versions
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_revhistory ../../src/decode.c:3051.
8.8
HIGH
CVE-2020-21831
all versions
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_handles ../../src/decode.c:2637.
8.8
HIGH
CVE-2020-21841
all versions
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via bit_read_B ../../src/bits.c:135.
8.8
HIGH
CVE-2020-21840
all versions
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via bit_search_sentinel ../../src/bits.c:1985.
8.8
HIGH
CVE-2020-21839
all versions
An issue was discovered in GNU LibreDWG 0.10. Crafted input will lead to a memory leak in dwg_decode_eed ../../src/decode.c:3638.
6.5
MEDIUM
CVE-2020-21838
all versions
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via: read_2004_section_appinfo ../../src/decode.c:2842.
8.8
HIGH
CVE-2020-21836
all versions
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_preview ../../src/decode.c:3175.
8.8
HIGH
CVE-2020-21835
all versions
A null pointer dereference issue exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2337.
6.5
MEDIUM
CVE-2020-21834
all versions
A null pointer dereference issue exists in GNU LibreDWG 0.10 via get_bmp ../../programs/dwgbmp.c:164.
6.5
MEDIUM
CVE-2020-21833
all versions
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via: read_2004_section_classes ../../src/decode.c:2440.
8.8
HIGH
CVE-2020-21832
all versions
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2417.
8.8
HIGH
CVE-2020-21830
all versions
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via bit_calc_CRC ../../src/bits.c:2213.
8.8
HIGH
CVE-2020-21827
all versions
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2379.
7.8
HIGH
CVE-2020-21819
all versions
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:51.
8.8
HIGH
CVE-2020-21818
all versions
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:48.
8.8
HIGH
CVE-2020-21817
all versions
A null pointer dereference issue exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:29, which causes a denial
6.5
MEDIUM
CVE-2020-21816
all versions
A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:46.
8.8
HIGH
CVE-2020-21815
all versions
A null pointer dereference issue exists in GNU LibreDWG 0.10.2641 via output_TEXT ../../programs/dwg2SVG.c:114, which causes a denia
6.5
MEDIUM
CVE-2020-21814
all versions
A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlwescape ../../programs/escape.c:97.
8.8
HIGH
CVE-2020-21813
all versions
A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via output_TEXT ../../programs/dwg2SVG.c:114.
7.8
HIGH
CVE-2020-15807
< 0.11
GNU LibreDWG before 0.11 allows NULL pointer dereferences via crafted input files.
6.5
MEDIUM
CVE-2019-20915
<= 0.9.3
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in bit_write_TF in
8.1
HIGH
CVE-2019-20914
<= 0.9.3
An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_common_entit
9.8
CRITICAL
CVE-2019-20913
<= 0.9.3
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in dwg_encode_enti
8.1
HIGH
CVE-2019-20912
<= 0.9.3
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a stack overflow in bits.c, possibly related to
8.8
HIGH
CVE-2019-20911
<= 0.9.3
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to denial of service in bit_calc_CRC in bits.c, rel
6.5
MEDIUM
CVE-2019-20910
<= 0.9.3
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in decode_R13_R200
8.1
HIGH
CVE-2019-20909
<= 0.9.3
An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_LWPOLYLINE i
7.5
HIGH
CVE-2020-6615
all versions
GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dy
6.5
MEDIUM
CVE-2020-6614
all versions
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c.
8.1
HIGH
CVE-2020-6613
all versions
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c.
8.1
HIGH
CVE-2020-6612
all versions
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c.
8.1
HIGH
CVE-2020-6611
all versions
GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c.
6.5
MEDIUM
CVE-2020-6610
all versions
GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c.
6.5
MEDIUM
CVE-2020-6609
all versions
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c.
8.8
HIGH
CVE-2019-20015
all versions
An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_LW
6.5
MEDIUM
CVE-2019-20014
< 0.9.3
An issue was discovered in GNU LibreDWG before 0.93. There is a double-free in dwg_free in free.c.
8.8
HIGH
CVE-2019-20013
< 0.9.3
An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in decode
6.5
MEDIUM
CVE-2019-20012
all versions
An issue was discovered in GNU LibreDWG 0.92. Crafted input will lead to an attempted excessive memory allocation in dwg_decode_HA
6.5
MEDIUM
CVE-2019-20011
all versions
An issue was discovered in GNU LibreDWG 0.92. There is a heap-based buffer over-read in decode_R13_R2000 in decode.c.
8.8
HIGH
CVE-2019-20010
all versions
An issue was discovered in GNU LibreDWG 0.92. There is a use-after-free in resolve_objectref_vector in decode.c.
8.8
HIGH
CVE-2019-20009
< 0.9.3
An issue was discovered in GNU LibreDWG before 0.93. Crafted input will lead to an attempted excessive memory allocation in dwg_de
6.5
MEDIUM
CVE-2019-9779
all versions
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg
7.5
HIGH
CVE-2019-9778
all versions
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dwg_dxf_LTYPE at
7.5
HIGH
CVE-2019-9777
all versions
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dxf_header_write
7.5
HIGH
CVE-2019-9776
all versions
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg
7.5
HIGH
CVE-2019-9775
all versions
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function dwg_dxf_BLOCK_CONTROL at
9.1
CRITICAL
CVE-2019-9774
all versions
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function bit_read_B at bits.c.
9.1
CRITICAL
CVE-2019-9773
all versions
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_dat
7.5
HIGH
CVE-2019-9772
all versions
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LEADER at dw
7.5
HIGH
CVE-2019-9771
all versions
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function bit_convert_TU at bi
7.5
HIGH
CVE-2019-9770
all versions
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_dat
7.5
HIGH
CVE-2018-14524
< 0.6
dwg_decode_eed in decode.c in GNU LibreDWG before 0.6 leads to a double free (in dwg_free_eed in free.c) because it does not prope
6.5
MEDIUM
CVE-2018-14471
< 0.6
dwg_obj_block_control_get_block_headers in dwg_api.c in GNU LibreDWG 0.5.1048 allows remote attackers to cause a denial of service
6.5
MEDIUM
CVE-2018-14443
< 0.6
get_first_owned_object in dwg.c in GNU LibreDWG 0.5.1036 allows remote attackers to cause a denial of service (SEGV).
6.5
MEDIUM
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin