CVE-2023-36274

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-36274

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-36274.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-36274

Downstream

openSUSE-SU-2023:0201-1

Related

openSUSE-SU-2023:0201-1

Published

2023-06-23T15:15:10Z

Modified

2025-09-19T14:35:45.914604Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

LibreDWG v0.11 to v0.12.5 was discovered to contain a heap buffer overflow via the function bitwriteTF at bits.c.

References

Affected packages

Git / github.com/libredwg/libredwg

Affected ranges

Type: GIT
Repo: https://github.com/libredwg/libredwg
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

8651fa27dd2de731e706e2ba09f0d28e4e0dce33

Affected versions

0.*

0.10

0.10.1

0.11

0.11.1

0.12

0.12.1

0.12.2

0.12.3

0.12.4

0.12.5

0.3

0.4-dev

0.4.900

0.4.924

0.4.938

0.5

0.6

0.6.1

0.6.2

0.7

0.8

0.9

0.9.1

0.9.2

0.9.3

Database specific

{
    "vanir_signatures": [
        {
            "id": "CVE-2023-36274-366b237b",
            "signature_type": "Line",
            "target": {
                "file": "src/decode.c"
            },
            "digest": {
                "line_hashes": [
                    "46587211283704295715716826781045458325",
                    "229113640498389904992729619768275688222",
                    "203976934301489468881297850802983864521",
                    "317558665862811976848055753705359707037",
                    "38265894049812560486581094887685629553",
                    "301963340014044557775394712350330320101",
                    "59215391745920445508802131874879382419",
                    "117241531777306585850023460484073538458",
                    "167232614622228504476208469858940379010",
                    "115553656454825033082475114660936773426",
                    "200848156253365696010579991577611202997",
                    "206903827610312578654837941421627045994",
                    "236099011167177327667946699976682513322",
                    "328552273156930261396749600517842645956",
                    "80056202228050449245774818957817274780",
                    "228893804150328585408678872786918810481",
                    "120288287898094917153095811351413702950",
                    "313015120334611950937222952844871813169",
                    "328270191269272716676268281958489239818"
                ],
                "threshold": 0.9
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/libredwg/libredwg/commit/8651fa27dd2de731e706e2ba09f0d28e4e0dce33"
        },
        {
            "id": "CVE-2023-36274-5a891ddb",
            "signature_type": "Function",
            "target": {
                "file": "src/decode.c",
                "function": "decode_preR13_auxheader"
            },
            "digest": {
                "function_hash": "9245413057572885588804458547909942079",
                "length": 2801.0
            },
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://github.com/libredwg/libredwg/commit/8651fa27dd2de731e706e2ba09f0d28e4e0dce33"
        }
    ]
}