CVE-2023-36274

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-36274
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-36274.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-36274
Downstream
Related
Published
2023-06-23T00:00:00Z
Modified
2026-05-28T10:02:51.059663Z
Summary
[none]
Details

LibreDWG v0.11 to v0.12.5 was discovered to contain a heap buffer overflow via the function bitwriteTF at bits.c.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/36xxx/CVE-2023-36274.json",
    "cna_assigner": "mitre"
}
References

Affected packages

Git / github.com/libredwg/libredwg

Affected ranges

Type
GIT
Repo
https://github.com/libredwg/libredwg
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
8651fa27dd2de731e706e2ba09f0d28e4e0dce33
Database specific 
{
    "source": "REFERENCES"
}

Affected versions

0.*
0.10
0.10.1
0.11
0.11.1
0.12
0.12.1
0.12.2
0.12.3
0.12.4
0.12.5
0.3
0.4-dev
0.4.900
0.4.924
0.4.938
0.5
0.6
0.6.1
0.6.2
0.7
0.8
0.9
0.9.1
0.9.2
0.9.3

Database specific

vanir_signatures_modified 
"2026-05-28T10:02:51Z"
vanir_signatures 
[
    {
        "source": "https://github.com/libredwg/libredwg/commit/8651fa27dd2de731e706e2ba09f0d28e4e0dce33",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "46587211283704295715716826781045458325",
                "229113640498389904992729619768275688222",
                "203976934301489468881297850802983864521",
                "317558665862811976848055753705359707037",
                "38265894049812560486581094887685629553",
                "301963340014044557775394712350330320101",
                "59215391745920445508802131874879382419",
                "117241531777306585850023460484073538458",
                "167232614622228504476208469858940379010",
                "115553656454825033082475114660936773426",
                "200848156253365696010579991577611202997",
                "206903827610312578654837941421627045994",
                "236099011167177327667946699976682513322",
                "328552273156930261396749600517842645956",
                "80056202228050449245774818957817274780",
                "228893804150328585408678872786918810481",
                "120288287898094917153095811351413702950",
                "313015120334611950937222952844871813169",
                "328270191269272716676268281958489239818"
            ]
        },
        "deprecated": false,
        "id": "CVE-2023-36274-366b237b",
        "signature_version": "v1",
        "target": {
            "file": "src/decode.c"
        },
        "signature_type": "Line"
    },
    {
        "source": "https://github.com/libredwg/libredwg/commit/8651fa27dd2de731e706e2ba09f0d28e4e0dce33",
        "digest": {
            "length": 2801.0,
            "function_hash": "9245413057572885588804458547909942079"
        },
        "deprecated": false,
        "id": "CVE-2023-36274-5a891ddb",
        "signature_version": "v1",
        "target": {
            "function": "decode_preR13_auxheader",
            "file": "src/decode.c"
        },
        "signature_type": "Function"
    }
]
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-36274.json"