OSV-2021-535

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libredwg/OSV-2021-535.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2021-535
Published
2021-03-19T00:00:24.962467Z
Modified
2022-04-13T03:04:41.081680Z
Summary
Heap-buffer-overflow in encode_3dsolid
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32165

Crash type: Heap-buffer-overflow READ 4
Crash state:
encode_3dsolid
dwg_encode_BODY_private
dwg_encode_BODY
References

Affected packages

OSS-Fuzz / libredwg

Package

Name
libredwg
Purl
pkg:generic/libredwg

Affected ranges

Type
GIT
Repo
https://github.com/LibreDWG/libredwg
Events
Introduced
e5de783437e60d90530bdbb1da04aa1c11b8d6f6
Fixed
084083ce54e59b5a43e6eb936868ef4bd037c7e2

Affected versions

0.*

0.12.3.4163
0.12.3.4165
0.12.3.4167
0.12.3.4173
0.12.3.4176
0.12.3.4178
0.12.3.4180
0.12.3.4185
0.12.3.4189
0.12.3.4191
0.12.3.4194
0.12.3.4201
0.12.3.4203
0.12.3.4206
0.12.3.4219
0.12.3.4221
0.12.3.4229
0.12.3.4231
0.12.3.4244
0.12.3.4248
0.12.3.4250
0.12.3.4253

Ecosystem specific 

{
    "severity": "MEDIUM"
}