PT-2026-57481 · Opensuse · Libredwg

CVE-2026-15181

·

Publicado

2026-07-10

·

Atualizado

2026-07-13

Nenhuma

Não há classificações de severidade ou métricas disponíveis. Quando houver, atualizaremos as informações correspondentes na página.
This update for libredwg fixes the following issues:
Changes in libredwg:
  • Update to snapshot 0.14.8413
  • fix dwg next entity NULL pointer dereference [CVE-2026-15184, boo#1271170]
  • Fix dwg bmp thumbnail overflow checks [CVE-2026-15181, boo#1271169]
  • Resolve NULL pointer dereference (SEGV) in match BLOCK HEADER [CVE-2026-9529, boo#1266380]
  • Added DXB (binary DXF) support: dwgwrite/dwgread/dwg2dxf accept DXB input/output, and dxfwrite accepts DXB.
  • Minor features:
  • R2007+ split string stream encoding for Header, Classes, and objects.
  • Added cycle checks in entity link chains.
  • Added release helpers and improved CI (ODAFileConverter QT6, xvfb-run).
  • dwgfuzz: show mode with --version.
  • update to 0.14:
  • Write support for r2004 (AC1018) DWG files. The encoder now produces compressed, encrypted section headers and the LZ77-compressed object data layout required since r2004.
  • Split large object files (encode, decode) into 2 objects, significantly reducing peak memory usage during compilation and enabling parallel builds to scale better.
  • dwgadd: handle fields (e.g. layer, ltype, style) can now be set by table-record name in addition to raw handle references. A string value like line.layer = "FOO" is resolved via dwg find tablehandle() at parse time.
  • Added DXB (binary DXF) support: dwgwrite/dwgread/dwg2dxf accept DXB input/output, and dxfwrite accepts DXB.
  • R2007+ split string stream encoding for Header, Classes, and objects.
  • Added cycle checks in entity link chains. GH #1226.
  • Added regression tests for decompress r2007 OOB reads and R2004 section decompression. Added dwgfilter.test.
  • Added release helpers and improved CI (ODAFileConverter QT6, xvfb-run).
  • dwgfuzz: show mode with --version.
  • API/ABI changes (source-incompatible):
  • Renamed HEADER/2NDHEADER.is maint to maint rel version.
  • Renamed PROXY OBJECT.dwg versions.
  • Bumped SO VERSION to 0:14:0.
  • Update to snapshot 0.13.4.8200
  • Write support for r2004 (AC1018) DWG files. The encoder now produces compressed, encrypted section headers and the LZ77-compressed object data layout required since r2004.
  • Split large object files (encode, decode) into 2 objects, significantly reducing peak memory usage during compilation and enabling parallel builds to scale better.
  • dwgadd: handle fields (e.g. layer, ltype, style) can now be set by table-record name in addition to raw handle references. A string value like line.layer = "FOO" is resolved via dwg find tablehandle() at parse time.
  • Fix decompress R2004 section buffer overflow [CVE-2026-9501, CVE-2026-9502, CVE-2026-9529, CVE-2026-9530, boo#1266377, boo#1266378, boo#1266380, boo#1266287]
  • Fix dwg next entity NULL pointer dereference [CVE-2026-9503, boo#1266379]
  • Fix NULL pointer dereferences in DXF output for corrupted DWG input [CVE-2026-9504, boo#1266321]
  • decode: fix decompression overflow [CVE-2026-9605, boo#1266365]
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Identificadores relacionados

CVE-2026-15181
OPENSUSE-SU-2026:11247-1
OPENSUSE-SU-2026:21346-1

Produtos afetados

Libredwg