RSS   Podatności dla 'Libredwg'   RSS

2020-07-17
 
CVE-2020-15807

CWE-476
 

 
GNU LibreDWG before 0.11 allows NULL pointer dereferences via crafted input files.

 
2020-07-16
 
CVE-2019-20915

CWE-125
 

 
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in bit_write_TF in bits.c.

 
 
CVE-2019-20914

CWE-476
 

 
An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_common_entity_handle_data in common_entity_handle_data.spec.

 
 
CVE-2019-20913

CWE-125
 

 
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in dwg_encode_entity in common_entity_data.spec.

 
 
CVE-2019-20912

CWE-787
 

 
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a stack overflow in bits.c, possibly related to bit_read_TF.

 
 
CVE-2019-20911

CWE-835
 

 
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to denial of service in bit_calc_CRC in bits.c, related to a for loop.

 
 
CVE-2019-20910

CWE-125
 

 
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in decode_R13_R2000 in decode.c, a different vulnerability than CVE-2019-20011.

 
 
CVE-2019-20909

CWE-476
 

 
An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_LWPOLYLINE in dwg.spec.

 
2020-01-08
 
CVE-2020-6615

CWE-476
 

 
GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl).

 
 
CVE-2020-6614

CWE-125
 

 
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c.

 


Copyright 2020, cxsecurity.com

 

Back to Top