CVE-2022-33034: LibreDWG v0.12.4.4608 was discovered to contain a stack overflow via the function copy_bytes at decode_r2007.c.
CVE-2022-35164 (https://github.com/LibreDWG/libredwg/issues/497): LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a heap use-after-free via bit_copy_chain. Looks like there's a patch on a separate branch.
CVE-2022-45332 (https://github.com/LibreDWG/libredwg/issues/524): LibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow via the function decode_preR13_section_hdr at decode_r11.c.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4e8d02fce183569d91b4eaeefddd9fc9f3280d64
commit 4e8d02fce183569d91b4eaeefddd9fc9f3280d64
Author:     Andrew Ammerlaan <andrewammerlaan@gentoo.org>
AuthorDate: 2023-05-01 13:13:19 +0000
Commit:     Andrew Ammerlaan <andrewammerlaan@gentoo.org>
CommitDate: 2023-05-01 13:15:57 +0000
    media-gfx/libredwg: add 0.12.5.5487
    Should fix CVE-2022-45332 and CVE-2022-45332.
    The patch for CVE-2022-35164 is still not merged to master yet because apparently there are some problems with this patch.
    Bug: https://bugs.gentoo.org/905327
    Bug: https://bugs.gentoo.org/856034
    Signed-off-by: Andrew Ammerlaan <andrewammerlaan@gentoo.org>
 media-gfx/libredwg/Manifest                    |   1 +
 media-gfx/libredwg/libredwg-0.12.5.5487.ebuild | 113 +++++++++++++++++++++++++
 2 files changed, 114 insertions(+)
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ff4e76bd91741c20f4c93c94dfb3366c5df24737
commit ff4e76bd91741c20f4c93c94dfb3366c5df24737
Author:     Andrew Ammerlaan <andrewammerlaan@gentoo.org>
AuthorDate: 2023-06-27 12:03:59 +0000
Commit:     Andrew Ammerlaan <andrewammerlaan@gentoo.org>
CommitDate: 2023-06-27 12:06:11 +0000
    media-gfx/libredwg: add 0.12.5.5865
    patch for CVE-2022-35164 is in this version
    Bug: https://bugs.gentoo.org/856034
    Bug: https://bugs.gentoo.org/905327
    Signed-off-by: Andrew Ammerlaan <andrewammerlaan@gentoo.org>
 media-gfx/libredwg/Manifest                    |   1 +
 media-gfx/libredwg/libredwg-0.12.5.5865.ebuild | 113 +++++++++++++++++++++++++
 2 files changed, 114 insertions(+)
Do we know where the particular patches for each CVE are?
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=155a3f7e540554ffd19e914cc8b54c9725522797
commit 155a3f7e540554ffd19e914cc8b54c9725522797
Author:     Andrew Ammerlaan <andrewammerlaan@gentoo.org>
AuthorDate: 2023-09-14 08:59:56 +0000
Commit:     Andrew Ammerlaan <andrewammerlaan@gentoo.org>
CommitDate: 2023-09-14 08:59:56 +0000
    media-gfx/libredwg: drop 0.12.5-r1, 0.12.5.5865
    Closes: https://bugs.gentoo.org/905443
    Closes: https://bugs.gentoo.org/896222
    Bug: https://bugs.gentoo.org/905327
    Bug: https://bugs.gentoo.org/856034
    Signed-off-by: Andrew Ammerlaan <andrewammerlaan@gentoo.org>
 media-gfx/libredwg/Manifest                    |   2 -
 media-gfx/libredwg/libredwg-0.12.5-r1.ebuild   | 113 -------------------------
 media-gfx/libredwg/libredwg-0.12.5.5865.ebuild | 113 -------------------------
 3 files changed, 228 deletions(-)
Thanks!