OSV-2022-656

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libredwg/OSV-2022-656.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2022-656
Published
2022-07-31T00:00:46.624694Z
Modified
2022-12-10T00:15:05.367372Z
Summary
Heap-buffer-overflow in dwg_decode_LWPOLYLINE_private
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49630

Crash type: Heap-buffer-overflow READ 1
Crash state:
dwg_decode_LWPOLYLINE_private
dwg_decode_LWPOLYLINE
dwg_decode_add_object
References

Affected packages

OSS-Fuzz / libredwg

Package

Name
libredwg
Purl
pkg:generic/libredwg

Affected ranges

Type
GIT
Repo
https://github.com/LibreDWG/libredwg
Events
Introduced
7a44f5e43b2a49bf244e24b796a657c9c78f31a1
Fixed
9d068534eb093790d9be1b8aa8ed47cafc7f2285

Affected versions

0.*

0.12.4.4635
0.12.4.4637
0.12.4.4641
0.12.4.4643
0.12.4.4647
0.12.4.4652
0.12.4.4654
0.12.4.4658
0.12.4.4660
0.12.4.4668
0.12.5.4669
0.12.5.4678

Ecosystem specific 

{
    "severity": "MEDIUM"
}

Database specific

source

"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libredwg/OSV-2022-656.yaml"