ALT-PU-2023-4039-1
Package libredwg updated to version 0.12.5.5862-alt1 for branch sisyphus_e2k.
Closed vulnerabilities
Published: 2023-03-01
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2023-25222
A heap-based buffer overflow vulnerability exits in GNU LibreDWG v0.12.5 via the bit_read_RC function at bits.c.
Severity: HIGH (8.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2023-06-23
Modified: 2025-03-14
Modified: 2025-03-14
CVE-2023-36271
LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c.
Severity: HIGH (8.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2023-06-23
Modified: 2025-03-14
Modified: 2025-03-14
CVE-2023-36272
LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_utf8_to_TU at bits.c.
Severity: HIGH (8.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2023-06-23
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2023-36273
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c.
Severity: HIGH (8.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2023-06-23
Modified: 2025-03-14
Modified: 2025-03-14
CVE-2023-36274
LibreDWG v0.11 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c.
Severity: HIGH (8.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References: