Bugzilla – Bug 1212707
VUL-0: CVE-2023-36272: libredwg: heap buffer overflow via the function bit_utf8_to_TU at bits.c.
Last modified: 2023-08-02 13:05:38 UTC
CVE-2023-36272 LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_utf8_to_TU at bits.c. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36272 https://www.cve.org/CVERecord?id=CVE-2023-36272 https://github.com/LibreDWG/libredwg/issues/681#BUG1
openSUSE:Factory and Backports affected
This is an autogenerated message for OBS integration: This bug (1212707) was mentioned in https://build.opensuse.org/request/show/1098839 Factory / libredwg https://build.opensuse.org/request/show/1098842 Backports:SLE-15-SP5 / libredwg
openSUSE-SU-2023:0201-1: An update that fixes 5 vulnerabilities is now available. Category: security (important) Bug References: 1200898,1212705,1212706,1212707,1212709 CVE References: CVE-2022-33025,CVE-2023-36271,CVE-2023-36272,CVE-2023-36273,CVE-2023-36274 JIRA References: Sources used: openSUSE Backports SLE-15-SP5 (src): libredwg-0.12.5.5907-bp155.3.3.1