OSV-2021-493

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libredwg/OSV-2021-493.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2021-493
Published
2021-03-05T00:01:05.653529Z
Modified
2022-04-13T03:04:41.130533Z
Summary
Heap-buffer-overflow in encode_3dsolid
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31657

Crash type: Heap-buffer-overflow READ 4
Crash state:
encode_3dsolid
dwg_encode_REGION_private
dwg_encode_REGION
References

Affected packages

OSS-Fuzz / libredwg

Package

Name
libredwg
Purl
pkg:generic/libredwg

Affected ranges

Type
GIT
Repo
https://github.com/LibreDWG/libredwg
Events
Introduced
e5de783437e60d90530bdbb1da04aa1c11b8d6f6
Fixed
625da7ad8b7f6de51e9723ec8e7e7d6714307017

Affected versions

0.*
0.12.3.4163
0.12.3.4165
0.12.3.4167
0.12.3.4173
0.12.3.4176
0.12.3.4178
0.12.3.4180
0.12.3.4185

Ecosystem specific 

{
    "severity": "MEDIUM"
}

Database specific

source 
"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libredwg/OSV-2021-493.yaml"