CVE-2019-20911

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-20911

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-20911.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-20911

Published

2020-07-16T18:15:13.300Z

Modified

2026-02-11T08:11:54.127333Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to denial of service in bitcalcCRC in bits.c, related to a for loop.

References

Affected packages

Git / github.com/libredwg/libredwg

Affected ranges

Type: GIT
Repo: https://github.com/libredwg/libredwg
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

c6f6668b82bfe595899cc820279ac37bb9ef16f5

Affected versions

0.*

0.3

0.4-dev

0.4.900

0.4.924

0.4.938

0.5

0.6

0.6.1

0.6.2

0.7

0.8

0.9

0.9.1

0.9.2

0.9.3

Database specific

vanir_signatures

[
    {
        "target": {
            "function": "SINCE",
            "file": "src/decode.c"
        },
        "id": "CVE-2019-20911-0f6c01e6",
        "deprecated": false,
        "digest": {
            "length": 373.0,
            "function_hash": "106809018278607634862018976279590193353"
        },
        "signature_type": "Function",
        "source": "https://github.com/libredwg/libredwg/commit/c6f6668b82bfe595899cc820279ac37bb9ef16f5",
        "signature_version": "v1"
    },
    {
        "target": {
            "function": "dwg_free_object",
            "file": "src/free.c"
        },
        "id": "CVE-2019-20911-29aff23f",
        "deprecated": false,
        "digest": {
            "length": 6211.0,
            "function_hash": "223328293859909205355334879786276273109"
        },
        "signature_type": "Function",
        "source": "https://github.com/libredwg/libredwg/commit/c6f6668b82bfe595899cc820279ac37bb9ef16f5",
        "signature_version": "v1"
    },
    {
        "target": {
            "file": "src/encode.c"
        },
        "id": "CVE-2019-20911-86ac068f",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "220482688184539288151668780977417630684",
                "176291465121732679024776710052933671243",
                "28265445555738916256496277091474380320",
                "269922082506870699698860466366408064412",
                "70518948330967747255998879452416188236",
                "204551529020203106143026653382353860502",
                "141718847684466907765301194946634766478",
                "301107948025968594727770903237543703243",
                "63304491552602468583569821278309865871",
                "28475039318222455503554933030044555573",
                "252147038639091649093710190579567936624",
                "291165943322470885970214030518756916342",
                "145994521436360424011500730565315887428",
                "48062048948458017365619788757291382527",
                "302056257052652407517977086870902379694",
                "116755426054344277176122865654908086479",
                "72750449423761956206452217789436710272",
                "282781283381587350522874062824400502096",
                "254961367150423228248286960488188401865",
                "154042521919402470047966578037854896245",
                "222597149263209854922439472779966382935"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/libredwg/libredwg/commit/c6f6668b82bfe595899cc820279ac37bb9ef16f5",
        "signature_version": "v1"
    },
    {
        "target": {
            "file": "src/decode.c"
        },
        "id": "CVE-2019-20911-8b78f610",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "251945387157299814547762952800876995102",
                "93581200417844485077373356620185031063",
                "37555813835132691112491942210698180267",
                "193320986567287437755925945707435550550",
                "273828777948888185137411119496114567057",
                "246452774591704277598293930436979147743",
                "168597697874739642460536768620220372657",
                "197864532149369497949654330544328589588",
                "84445630395092935644368329515108907599",
                "188440445384832426897319115940294686399",
                "17307560220112481785697426550881820338",
                "301417079320282639340357009204995173931",
                "145280584675989180470895210873803196552",
                "283811165617485652484309571988932239052",
                "198233087132786898832861343647847233051",
                "286478346189911090778001200762140012874",
                "56011968016404153401652190896325206654",
                "318879269177327145735150286811268133152",
                "182440901874691292798520880218761002313",
                "38349442615888839137643819224546205712",
                "273941980587333347991943808968387187765",
                "305976884909729621656902698082004886414",
                "70449064798473707391074867336552187104",
                "123802786952589248223481040153861261768",
                "298894934157052213612224150298209074873",
                "94873465058896131759287334003390812874",
                "62049135252840058307762274530914361157",
                "94000353855688777043592083077833686464",
                "292704547888685729960342185816345802198",
                "279391504608406314567747093892020661082",
                "109114155144191265725641665374487548623",
                "12517666710323876892252953300059093436",
                "149151314029909108591494834805225310887",
                "198233087132786898832861343647847233051",
                "286478346189911090778001200762140012874",
                "56011968016404153401652190896325206654",
                "318879269177327145735150286811268133152",
                "53089762292085380839095044999103810658",
                "2530810005093979708064517896531828815",
                "245249275406687821451223474971662605024",
                "132727017412466996092131682537912103997",
                "195573514844400697207701976965973931523",
                "151689535067839779520366405950928776262",
                "211165674058178084528335286766050964486",
                "139048551528369068354577630499435885891",
                "26179880442386548898934032548038240336",
                "190787613597004363654162330589952767415",
                "119792552814264927210388910304600747553",
                "218398865644840824509175012998130221248",
                "131306161937458396461989660485311259301",
                "238658761316129031293900678625924741795",
                "202744795849783270345908546791863480790",
                "234320230376668641898908157868626590910",
                "40227651793905334744321378599672493840",
                "176791526540204279966540132430609049712",
                "12237650208199524578241644989905295273",
                "10272913059096208366703190602011868508",
                "324152984837497269701765752225228471812",
                "254382989951952730123586860263205205825",
                "118090925541747642262151420054110318695",
                "101036408906899947247964260014618258753",
                "154890782223607549258489081750208416255",
                "74175533466200943479880118819042960119",
                "83294247517829902845641123941790414803",
                "336018580404958529745414763185747900376",
                "57411127081111078570331228134434231455"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/libredwg/libredwg/commit/c6f6668b82bfe595899cc820279ac37bb9ef16f5",
        "signature_version": "v1"
    },
    {
        "target": {
            "file": "include/dwg.h"
        },
        "id": "CVE-2019-20911-8cffabb2",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "56483437403754171333812153352951827928",
                "23233666031351432207582240898235234845",
                "179806719182584965373296362965082129723",
                "25894154770450131496372023062859516645"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/libredwg/libredwg/commit/c6f6668b82bfe595899cc820279ac37bb9ef16f5",
        "signature_version": "v1"
    },
    {
        "target": {
            "file": "src/free.c"
        },
        "id": "CVE-2019-20911-c37b3878",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "52761424869236557255973423742553838807",
                "215600856078517993831395409639670622266",
                "279428429463677663877077980714377629012",
                "163253528822688241089948001078832280362",
                "191409458076949165257536681933106223358",
                "94764767950236120451169137832093576402",
                "109035891072297547718982542965265519417",
                "2002229941546253297293605358431748851",
                "330062216427647182314129415389396061391",
                "74719427043901116100136941656841797176",
                "44906017554478652816240468226334415703",
                "327906263899587455095790763948211430727",
                "194057987507304434636550632395525701131",
                "330226915239779506206840160975987112409",
                "263608496542222693478658248877952770163",
                "39446798752798468856905359448372453935",
                "64527304045851204074442648699019278810",
                "176424669703960161692652174090451720639",
                "182980960745675938183147126953329451958",
                "214505408223036214647981662379023739169",
                "41975805946090958893196185287589226046",
                "171195695625596686974932187324041042739",
                "282526055411974480135850591793333903484",
                "145017905036933888043491582848366795297",
                "12157722962590166251563077481884734057",
                "18043260103506912154110735615951601647",
                "228614567664875911155877869276624418973",
                "130714247278227535819193381783944982178",
                "289310905385186565665812354282758245738",
                "187762349123274140254230011097804438464",
                "227266381049288221803751945135001793744",
                "289713837950650898335487510528745939417",
                "239176322299376778745494607232821653902",
                "183802465226634481697692664871138290051",
                "55333520952329110204680013458435809289",
                "73350023544271900779672539991641934650"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/libredwg/libredwg/commit/c6f6668b82bfe595899cc820279ac37bb9ef16f5",
        "signature_version": "v1"
    },
    {
        "target": {
            "function": "dwg_encode_add_object",
            "file": "src/encode.c"
        },
        "id": "CVE-2019-20911-ec63ebd0",
        "deprecated": false,
        "digest": {
            "length": 10090.0,
            "function_hash": "8481528165707574390001825662864358417"
        },
        "signature_type": "Function",
        "source": "https://github.com/libredwg/libredwg/commit/c6f6668b82bfe595899cc820279ac37bb9ef16f5",
        "signature_version": "v1"
    }
]

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-20911.json"