CVE-2023-36274

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-36274

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-36274.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-36274

Downstream

openSUSE-SU-2023:0201-1

Related

openSUSE-SU-2023:0201-1

Published

2023-06-23T15:15:10.213Z

Modified

2025-11-20T12:18:44.318473Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

LibreDWG v0.11 to v0.12.5 was discovered to contain a heap buffer overflow via the function bitwriteTF at bits.c.

References

Affected packages

Git / github.com/libredwg/libredwg

Affected ranges

Type: GIT
Repo: https://github.com/libredwg/libredwg
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

8651fa27dd2de731e706e2ba09f0d28e4e0dce33

Affected versions

0.*

0.10

0.10.1

0.11

0.11.1

0.12

0.12.1

0.12.2

0.12.3

0.12.4

0.12.5

0.3

0.4-dev

0.4.900

0.4.924

0.4.938

0.5

0.6

0.6.1

0.6.2

0.7

0.8

0.9

0.9.1

0.9.2

0.9.3

Database specific

vanir_signatures

[
    {
        "signature_type": "Line",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "46587211283704295715716826781045458325",
                "229113640498389904992729619768275688222",
                "203976934301489468881297850802983864521",
                "317558665862811976848055753705359707037",
                "38265894049812560486581094887685629553",
                "301963340014044557775394712350330320101",
                "59215391745920445508802131874879382419",
                "117241531777306585850023460484073538458",
                "167232614622228504476208469858940379010",
                "115553656454825033082475114660936773426",
                "200848156253365696010579991577611202997",
                "206903827610312578654837941421627045994",
                "236099011167177327667946699976682513322",
                "328552273156930261396749600517842645956",
                "80056202228050449245774818957817274780",
                "228893804150328585408678872786918810481",
                "120288287898094917153095811351413702950",
                "313015120334611950937222952844871813169",
                "328270191269272716676268281958489239818"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://github.com/libredwg/libredwg/commit/8651fa27dd2de731e706e2ba09f0d28e4e0dce33",
        "target": {
            "file": "src/decode.c"
        },
        "id": "CVE-2023-36274-366b237b"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "digest": {
            "length": 2801.0,
            "function_hash": "9245413057572885588804458547909942079"
        },
        "signature_version": "v1",
        "source": "https://github.com/libredwg/libredwg/commit/8651fa27dd2de731e706e2ba09f0d28e4e0dce33",
        "target": {
            "file": "src/decode.c",
            "function": "decode_preR13_auxheader"
        },
        "id": "CVE-2023-36274-5a891ddb"
    }
]