CVE-2023-36271

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-36271

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-36271.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-36271

Downstream

openSUSE-SU-2023:0201-1

openSUSE-SU-2024:13051-1

Related

Published

2023-06-23T15:15:10Z

Modified

2025-09-19T14:35:41.706476Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c.

References

Affected packages

Git / github.com/libredwg/libredwg

Affected ranges

Type: GIT
Repo: https://github.com/libredwg/libredwg
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

c1ed1d91e28a6ddc7a9b5479d4795d58fb6be0ca

Affected versions

0.*

0.10

0.10.1

0.11

0.11.1

0.12

0.12.1

0.12.2

0.12.3

0.12.4

0.12.5

0.3

0.4-dev

0.4.900

0.4.924

0.4.938

0.5

0.6

0.6.1

0.6.2

0.7

0.8

0.9

0.9.1

0.9.2

0.9.3

Database specific

{
    "vanir_signatures": [
        {
            "id": "CVE-2023-36271-55aea3bc",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "249007745773169331523370964499489407204",
                    "237302075916336588877092081607018317593",
                    "249265483650173177841406791148420484617",
                    "136523751170474483677426936851642365622",
                    "31049498572403266144605818511465268777",
                    "301439162832622592644511683632958394154",
                    "161357459133448800226732834474228988495",
                    "251564537423470642212202419726498746190",
                    "239882181519798547964139662347317107954",
                    "315249526982570630410699664353844827545",
                    "113316893772975962684367266995648844416",
                    "260654714819690124311711674036729906809",
                    "94440309368264071335982105027563009526",
                    "114293115556212422599863217966715546504",
                    "280924514309004725630205082446437007028",
                    "55830683233747113400596617532881853136",
                    "93352497787825666204063582528790681296",
                    "191244845108703236973565835028550990202",
                    "96465312549607822461535235165668348858",
                    "106695270940511029724150681723810134466"
                ]
            },
            "signature_version": "v1",
            "target": {
                "file": "src/bits.c"
            },
            "deprecated": false,
            "signature_type": "Line",
            "source": "https://github.com/libredwg/libredwg/commit/c1ed1d91e28a6ddc7a9b5479d4795d58fb6be0ca"
        },
        {
            "id": "CVE-2023-36271-9b29774d",
            "digest": {
                "length": 1494.0,
                "function_hash": "30984442895503724511475752818049538229"
            },
            "signature_version": "v1",
            "target": {
                "file": "src/bits.c",
                "function": "bit_utf8_to_TU"
            },
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://github.com/libredwg/libredwg/commit/c1ed1d91e28a6ddc7a9b5479d4795d58fb6be0ca"
        }
    ]
}