Cxlzff

**Name of the Vulnerable Software and Affected Versions** LibreDWG version 0.12.4.4608 **Description** A stack overflow issue was discovered in the function copy bytes at decode r2007.c, which can be exploited. **Recommendations** For LibreDWG version 0.12.4.4608, consider disabling the copy bytes function in decode r2007.c as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** libredwg version 0.12.4.4608 **Description** The issue is related to an assertion failure in the `decode preR13 entities` function, which occurs at line 5801 in the decode.c file of libredwg. This failure happens when the `dwg2dxf` function is called. **Recommendations** For libredwg version 0.12.4.4608, consider disabling the `decode preR13 entities` function as a temporary workaround until a patch is available. Restrict access to the affected `decode.c` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LibreDWG version 0.12.4.4608 **Description** A heap-use-after-free issue was discovered in the function `decode preR13 section` at `decode r11.c`. **Recommendations** For LibreDWG version 0.12.4.4608, consider disabling the `decode preR13 section` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** LibreDWG version 0.12.4.4608 **Description** A heap buffer overflow issue was discovered in the `bit calc CRC` function at `bits.c`, which can be exploited. **Recommendations** For LibreDWG version 0.12.4.4608, consider disabling the `bit calc CRC` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LibreDWG version 0.12.4.4608 **Description** A heap-use-after-free issue was discovered in LibreDWG, which occurs via the `dwg add handleref` function at `dwg.c`. **Recommendations** For LibreDWG version 0.12.4.4608, consider restricting access to the `dwg add handleref` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LibreDWG version 0.12.4.4608 **Description** The issue is related to a heap buffer overflow. It occurs via the function `dwg add object` at `decode.c`. **Recommendations** For LibreDWG version 0.12.4.4608, consider disabling the `dwg add object` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** LibreDWG version 0.12.4.4608 **Description** The issue is related to a heap-buffer-overflow in the `decode preR13 section hdr` function located at `decode r11.c`. This overflow can potentially lead to memory corruption and execution of arbitrary code. **Recommendations** For LibreDWG version 0.12.4.4608, consider restricting access to the `decode preR13 section hdr` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LibreDWG version 0.12.4.4608 **Description** A double-free issue was discovered in the `dwg read file` function at `dwg.c`. This issue affects the processing of files, potentially leading to memory corruption. **Recommendations** For LibreDWG version 0.12.4.4608, consider restricting access to the `dwg read file` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** swftools versions prior to 20201223 **Description** An issue exists in the function swf GetBits() located in rfxswf.c, which allows an attacker to cause Denial of Service due to a NULL pointer dereference. **Recommendations** For versions prior to 20201223, update to a version released after 20201222 to resolve the issue. As a temporary workaround, consider restricting access to the swf GetBits() function until a patch is available.