CVE-2023-26157
https://notcve.org/view.php?id=CVE-2023-26157
Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c. Las versiones del paquete libredwg anteriores a 0.12.5.6384 son vulnerables a la Denegación de Servicio (DoS) debido a una lectura fuera de los límites que involucra section->num_pages en decode_r2007.c. • https://github.com/LibreDWG/libredwg/commit/c8cf03ce4c2315b146caf582ea061c0460193bcc https://github.com/LibreDWG/libredwg/issues/850 https://security.snyk.io/vuln/SNYK-UNMANAGED-LIBREDWG-6070730 • CWE-125: Out-of-bounds Read CWE-400: Uncontrolled Resource Consumption •
CVE-2022-35164
https://notcve.org/view.php?id=CVE-2022-35164
LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a heap use-after-free via bit_copy_chain. Se ha detectado que LibreDWG versión v0.12.4.4608 y el commit f2dea29 contienen un uso de memoria previamente liberada de la pila por medio de la función bit_copy_chain. • https://github.com/LibreDWG/libredwg/issues/497 • CWE-416: Use After Free •
CVE-2021-45950
https://notcve.org/view.php?id=CVE-2021-45950
LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in dwg_free_BLOCK_private (called from dwg_free_BLOCK and dwg_free_object). LibreDWG versiones 0.12.4.4313 hasta 0.12.4.4367, presenta una escritura fuera de límites en la función dwg_free_BLOCK_private (llamada desde dwg_free_BLOCK y dwg_free_object). • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34766 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libredwg/OSV-2021-814.yaml • CWE-787: Out-of-bounds Write •