GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c.
gnu libredwg 0.9.3.2564
opensuse leap 15.1
opensuse backports sle 15.0