CVE-2021-45950: LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in dwg_free_BLOCK_private (called from dwg_free_BLOCK and dwg_free_object). No mention of a report upstream (of course), so no idea about patches.
I don't package the nightly releases. Version 0.12.4 (packaged) is older than 0.12.4.4313, so we should be unaffected.
CVE descriptions are untrustworthy. Are you unable to reproduce?
(In reply to John Helmert III from comment #2)
> Are you unable to reproduce?

I must confess that I have no clue on how to reproduce this. So yes I am unable to reproduce, but that says more about my hacking skills than about whether libredwg is vulnerable or not :P
Given https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libredwg/OSV-2021-814.yaml#L24 and https://github.com/LibreDWG/libredwg/commit/2d26a3b863be05b90bb1de62c3c54653480a68b5, we're ok I think.