Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 918608 (CVE-2023-36271, CVE-2023-36272, CVE-2023-36273, CVE-2023-36274)

Summary: <media-gfx/libredwg-0.12.5.5487: multiple vulnerabilities
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: andrewammerlaan
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: ~3 [noglsa]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-11-26 14:03:35 UTC
CVE-2023-36271 (https://github.com/LibreDWG/libredwg/issues/681#BUG2):

LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c.

CVE-2023-36272 (https://github.com/LibreDWG/libredwg/issues/681#BUG1):

LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_utf8_to_TU at bits.c.

CVE-2023-36273 (https://github.com/LibreDWG/libredwg/issues/677#BUG1):

LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c.

CVE-2023-36274 (https://github.com/LibreDWG/libredwg/issues/677#BUG2):

LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c.

Fixes in 0.12.5.5256.