Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Package Hub 15 SP5 package libredwg, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (6)
CVE-2023-36271 — CVSS 8.8 (high): LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c.
CVE-2023-36272 — CVSS 8.8 (high): LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_utf8_to_TU at bits.c.
CVE-2023-36273 — CVSS 8.8 (high): LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c.
CVE-2023-36274 — CVSS 8.8 (high): LibreDWG v0.11 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c.
CVE-2022-33025 — CVSS 7.8 (high): LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function decode_preR13_section at decode_r11.c.
CVE-2023-26157 — CVSS 5.5 (medium): Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving…