Libredwg
Out-of-bounds read in GNU LibreDWG's read_2004_compressed_section function (src/decode.c) affects all versions through 0.14, allowing a local low-privileged attacker to crash the dwgbmp utility or any LibreDWG-based application by supplying a crafted DWG 2004 file with manipulated section address or size fields. Impact is limited to availability (application crash) with no confirmed confidentiality or integrity exposure per the CVSS 4.0 vector. A publicly available proof-of-concept DWG file exists on GitHub, but EPSS at 0.01% (2nd percentile) and no CISA KEV listing confirm this is not currently subject to widespread exploitation.
Null pointer dereference in GNU LibreDWG's dwggrep utility crashes the application when processing a maliciously crafted DWG file. The vulnerability resides in the match_BLOCK_HEADER function within dwggrep.c and affects all tracked releases from version 0.1 through 0.14. A local authenticated attacker can exploit this to cause denial of service against the dwggrep utility; no publicly available exploit code exists for confidentiality or integrity compromise, consistent with the CVSS impact scores of VC:N/VI:N/VA:L. Publicly available exploit code exists (no KEV listing), though EPSS at 0.01% reflects negligible widespread exploitation probability.
Out-of-bounds read in GNU LibreDWG's dwggrep utility exposes heap memory when processing maliciously crafted DWG files containing LTYPE objects with unterminated wide-character dash text strings. Affected versions span 0.1 through 0.14 (CPE: cpe:2.3:a:gnu:libredwg). A local authenticated attacker can trigger partial information disclosure by supplying a crafted DWG file to the dwggrep command-line tool; a public proof-of-concept DWG payload exists, though EPSS of 0.01% (2nd percentile) and absence from CISA KEV indicate no widespread exploitation activity at time of analysis.
Null pointer dereference in GNU LibreDWG (all versions through 0.14) allows a local, low-privileged attacker to crash any application that uses the library to parse a maliciously crafted DWG file, resulting in a denial-of-service condition with no confidentiality or integrity impact. The affected code path is within the DWG 2004 compressed-section handler in src/decode.c, where missing bounds checks on section entry address fields permit invalid memory access. A public proof-of-concept exploit file exists; however, the vulnerability is not listed in CISA KEV, EPSS sits at 0.01% (2nd percentile), and SSVC rates it non-automatable with only partial technical impact, collectively indicating negligible in-the-wild exploitation risk at time of analysis.
Heap-based buffer overflow in GNU LibreDWG's dwgread utility (versions 0.1 through 0.14) allows a local attacker with low privileges to corrupt heap memory by supplying a specially crafted R2004-format DWG file. The vulnerable function decompress_R2004_section in src/decode.c fails to validate decompression offset and size parameters before writing, enabling out-of-bounds heap writes with partial confidentiality, integrity, and availability impact. Publicly available exploit code exists as a crafted DWG file; however, no active exploitation is confirmed (not in CISA KEV), EPSS is 0.01% (2nd percentile), and the local-only attack vector sharply constrains real-world risk.
Reachable assertion (CWE-617) in GNU LibreDWG's `decompress_R2004_section` function allows a local low-privileged attacker to crash the `dwgread` utility by supplying a malformed R2004-format DWG file with out-of-bounds decompression parameters. All releases from 0.1 through 0.14 are confirmed affected. Publicly available exploit code exists, though EPSS sits at 0.01% (2nd percentile) and no active exploitation is confirmed, consistent with the strictly local, no-code-execution impact profile.
Heap-based buffer overflow in GNU LibreDWG's read_2004_compressed_section function (src/decode.c) exposes users of the dwgread utility to partial confidentiality, integrity, and availability compromise when processing a maliciously crafted DWG file. All released versions from 0.1 through 0.14 are affected, and a publicly available proof-of-concept exploit file exists on GitHub. No vendor patch has been issued; the project has not responded to the responsible disclosure despite early notification via issue report.
Heap buffer overflow vulnerability in LibreDWG versions v0.13.3.7571 up to v0.13.3.7835 allows a crafted DWG file to cause a Denial of Service (DoS) via the function decompress_R2004_section at decode.c.