Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libredwg vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2018-14524
dwg_decode_eed in decode.c in GNU LibreDWG prior to 0.6 leads to a double free (in dwg_free_eed in free.c) because it does not properly manage the obj->eed value after a free occurs.
Gnu Libredwg
6.5
CVSSv3
CVE-2018-14443
get_first_owned_object in dwg.c in GNU LibreDWG 0.5.1036 allows remote malicious users to cause a denial of service (SEGV).
Gnu Libredwg
6.5
CVSSv3
CVE-2021-39521
An issue exists in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function bit_read_BB() located in bits.c. It allows an malicious user to cause Denial of Service.
Gnu Libredwg
8.8
CVSSv3
CVE-2021-39522
An issue exists in libredwg through v0.10.1.3751. bit_wcs2len() in bits.c has a heap-based buffer overflow.
Gnu Libredwg
6.5
CVSSv3
CVE-2021-39523
An issue exists in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the function check_POLYLINE_handles() located in decode.c. It allows an malicious user to cause Denial of Service.
Gnu Libredwg
8.8
CVSSv3
CVE-2021-39525
An issue exists in libredwg through v0.10.1.3751. bit_read_fixed() in bits.c has a heap-based buffer overflow.
Gnu Libredwg
8.8
CVSSv3
CVE-2021-39527
An issue exists in libredwg through v0.10.1.3751. appinfo_private() in decode.c has a heap-based buffer overflow.
Gnu Libredwg
8.8
CVSSv3
CVE-2021-39528
An issue exists in libredwg through v0.10.1.3751. dwg_free_MATERIAL_private() in dwg.spec has a double free.
Gnu Libredwg
8.8
CVSSv3
CVE-2021-39530
An issue exists in libredwg through v0.10.1.3751. bit_wcs2nlen() in bits.c has a heap-based buffer overflow.
Gnu Libredwg
8.8
CVSSv3
CVE-2021-42585
A heap buffer overflow exists in copy_compressed_bytes in decode_r2007.c in dwgread prior to 0.12.4 via a crafted dwg file.
Gnu Libredwg
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »