OSV-2022-372

Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libredwg/OSV-2022-372.yaml
Published
2022-04-26T00:00:09.352798Z
Modified
2022-12-02T00:15:07.258376Z
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46994

Crash type: Heap-buffer-overflow READ 8
Crash state:
dwg_encode_VERTEX_2D
dwg_encode_add_object
dwg_encode
References

Affected packages

OSS-Fuzz / libredwg

libredwg

Affected ranges

Affected versions

0.*

0.12.4.4522
0.12.4.4527
0.12.4.4530
0.12.4.4533
0.12.4.4535
0.12.4.4542
0.12.4.4544
0.12.4.4545
0.12.4.4548
0.12.4.4550
0.12.4.4553
0.12.4.4566
0.12.4.4567
0.12.4.4572
0.12.4.4583
0.12.4.4590
0.12.4.4598
0.12.4.4601
0.12.4.4606
0.12.4.4607
0.12.4.4608
0.12.4.4613
0.12.4.4615
0.12.4.4635
0.12.4.4637
0.12.4.4641
0.12.4.4643
0.12.4.4647
0.12.4.4652
0.12.4.4654
0.12.4.4658
0.12.4.4660
0.12.4.4668
0.12.5.4669

Ecosystem specific

{
    "severity": "MEDIUM"
}