A heap buffer overflow exists in copy_compressed_bytes in decode_r2007.c in dwgread prior to 0.12.4 via a crafted dwg file.
gnu libredwg