Описание
Security update for libredwg
This update for libredwg fixes the following issues:
Update to version 0.12.5.5907
Security issues fixed:
- CVE-2022-33025: Fixed multiple security issues [boo#1200898]
- CVE-2023-36271: Fixed heap buffer overflow via the function bit_wcs2nlen [boo#1212709]
- CVE-2023-36272: Fixed heap buffer overflow via the function bit_utf8_to_TU [boo#1212707]
- CVE-2023-36273: Fixed heap buffer overflow via the function bit_calc_CRC [boo#1212706]
- CVE-2023-36274: Fixed heap buffer overflow via the function bit_write_TF [boo#1212705]
Список пакетов
SUSE Package Hub 15 SP5
libredwg-devel-0.12.5.5907-bp155.3.3.1
libredwg-tools-0.12.5.5907-bp155.3.3.1
libredwg0-0.12.5.5907-bp155.3.3.1
openSUSE Leap 15.5
libredwg-devel-0.12.5.5907-bp155.3.3.1
libredwg-tools-0.12.5.5907-bp155.3.3.1
libredwg0-0.12.5.5907-bp155.3.3.1
Ссылки
- E-Mail link for openSUSE-SU-2023:0201-1
- SUSE Security Ratings
- SUSE Bug 1200898
- SUSE Bug 1212705
- SUSE Bug 1212706
- SUSE Bug 1212707
- SUSE Bug 1212709
- SUSE CVE CVE-2022-33025 page
- SUSE CVE CVE-2023-36271 page
- SUSE CVE CVE-2023-36272 page
- SUSE CVE CVE-2023-36273 page
- SUSE CVE CVE-2023-36274 page
Описание
LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function decode_preR13_section at decode_r11.c.
Затронутые продукты
SUSE Package Hub 15 SP5:libredwg-devel-0.12.5.5907-bp155.3.3.1
SUSE Package Hub 15 SP5:libredwg-tools-0.12.5.5907-bp155.3.3.1
SUSE Package Hub 15 SP5:libredwg0-0.12.5.5907-bp155.3.3.1
openSUSE Leap 15.5:libredwg-devel-0.12.5.5907-bp155.3.3.1
Ссылки
- CVE-2022-33025
- SUSE Bug 1200898
Описание
LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c.
Затронутые продукты
SUSE Package Hub 15 SP5:libredwg-devel-0.12.5.5907-bp155.3.3.1
SUSE Package Hub 15 SP5:libredwg-tools-0.12.5.5907-bp155.3.3.1
SUSE Package Hub 15 SP5:libredwg0-0.12.5.5907-bp155.3.3.1
openSUSE Leap 15.5:libredwg-devel-0.12.5.5907-bp155.3.3.1
Ссылки
- CVE-2023-36271
- SUSE Bug 1212709
Описание
LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_utf8_to_TU at bits.c.
Затронутые продукты
SUSE Package Hub 15 SP5:libredwg-devel-0.12.5.5907-bp155.3.3.1
SUSE Package Hub 15 SP5:libredwg-tools-0.12.5.5907-bp155.3.3.1
SUSE Package Hub 15 SP5:libredwg0-0.12.5.5907-bp155.3.3.1
openSUSE Leap 15.5:libredwg-devel-0.12.5.5907-bp155.3.3.1
Ссылки
- CVE-2023-36272
- SUSE Bug 1212707
Описание
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c.
Затронутые продукты
SUSE Package Hub 15 SP5:libredwg-devel-0.12.5.5907-bp155.3.3.1
SUSE Package Hub 15 SP5:libredwg-tools-0.12.5.5907-bp155.3.3.1
SUSE Package Hub 15 SP5:libredwg0-0.12.5.5907-bp155.3.3.1
openSUSE Leap 15.5:libredwg-devel-0.12.5.5907-bp155.3.3.1
Ссылки
- CVE-2023-36273
- SUSE Bug 1212706
Описание
LibreDWG v0.11 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c.
Затронутые продукты
SUSE Package Hub 15 SP5:libredwg-devel-0.12.5.5907-bp155.3.3.1
SUSE Package Hub 15 SP5:libredwg-tools-0.12.5.5907-bp155.3.3.1
SUSE Package Hub 15 SP5:libredwg0-0.12.5.5907-bp155.3.3.1
openSUSE Leap 15.5:libredwg-devel-0.12.5.5907-bp155.3.3.1
Ссылки
- CVE-2023-36274
- SUSE Bug 1212705