Vulnerabilities > GNU > Libredwg > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-07-16 CVE-2019-20911 Infinite Loop vulnerability in GNU Libredwg
An issue was discovered in GNU LibreDWG through 0.9.3.
network
low complexity
gnu CWE-835
6.5
6.5
2020-01-08 CVE-2020-6615 NULL Pointer Dereference vulnerability in multiple products
GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dynapi_entity_value in dynapi.c (dynapi.c is generated by gen-dynapi.pl).
network
low complexity
gnu opensuse CWE-476
6.5
6.5
2020-01-08 CVE-2020-6611 NULL Pointer Dereference vulnerability in multiple products
GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_owned_entity in dwg.c.
network
low complexity
gnu opensuse CWE-476
6.5
6.5
2020-01-08 CVE-2020-6610 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c.
network
low complexity
gnu opensuse CWE-770
6.5
6.5
2019-12-27 CVE-2019-20015 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An issue was discovered in GNU LibreDWG 0.92.
network
low complexity
gnu opensuse CWE-770
6.5
6.5
2019-12-27 CVE-2019-20013 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An issue was discovered in GNU LibreDWG before 0.93.
network
low complexity
gnu opensuse CWE-770
6.5
6.5
2019-12-27 CVE-2019-20012 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An issue was discovered in GNU LibreDWG 0.92.
network
low complexity
gnu opensuse CWE-770
6.5
6.5
2019-12-27 CVE-2019-20009 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An issue was discovered in GNU LibreDWG before 0.93.
network
low complexity
gnu opensuse CWE-770
6.5
6.5
2018-07-23 CVE-2018-14524 Double Free vulnerability in GNU Libredwg
dwg_decode_eed in decode.c in GNU LibreDWG before 0.6 leads to a double free (in dwg_free_eed in free.c) because it does not properly manage the obj->eed value after a free occurs.
network
low complexity
gnu CWE-415
6.5
6.5
2018-07-20 CVE-2018-14471 NULL Pointer Dereference vulnerability in GNU Libredwg
dwg_obj_block_control_get_block_headers in dwg_api.c in GNU LibreDWG 0.5.1048 allows remote attackers to cause a denial of service (NULL pointer dereference and SEGV) via a crafted dwg file.
network
low complexity
gnu CWE-476
6.5
6.5