Pwn3Rd

**Name of the Vulnerable Software and Affected Versions** GNU LibreDWG versions prior to 0.15 **Description** A security flaw exists in the Dwggrep Utility component within the `dwggrep.c` file. A local attacker can cause a null pointer dereference, which occurs when a program attempts to read or write to a memory location that is null, typically leading to a crash, by manipulating the `match BLOCK HEADER()` function. **Recommendations** Update to a version later than 0.14. As a temporary workaround, restrict the use of the `match BLOCK HEADER()` function within the Dwggrep Utility.

**Name of the Vulnerable Software and Affected Versions** GNU LibreDWG versions prior to 0.15 **Description** A weakness in the Dwgbmp Utility component allows an out-of-bounds read, which occurs when the system reads data outside the intended boundary of a buffer. This issue is located in the `read 2004 compressed section()` function within the `src/decode.c` file. Exploitation requires local access. **Recommendations** Apply patch 8f03865f37f5d4ffd616fef802acc980be54d300 to resolve the issue. As a temporary workaround, restrict access to the `read 2004 compressed section()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WebAssembly Binaryen versions prior to 118 **Description** An issue exists in the BrOn Parser component within the `IRBuilder::makeBrOn()` function of the `src/wasm/wasm-ir-builder.cpp` file. A specific manipulation can lead to a reachable assertion, which is a condition where the program reaches a state that the developers assumed was impossible, typically causing the application to crash. This requires local access to be exploited. **Recommendations** Install the patch 1251efbc1ea471c1311d2726b2bbe061ff2a291c to resolve this issue.

**Name of the Vulnerable Software and Affected Versions** GNU LibreDWG versions prior to 0.15 **Description** A heap-based buffer overflow exists in the Dwgread Utility component within the `decompress R2004 section()` function of the `src/decode.c` file. This issue occurs during the processing of DWG format files and can be exploited locally to cause a denial of service, which is a condition where the software becomes unavailable or crashes. **Recommendations** Deploy the patch with identifier e501cb9926c1e9a07a0d1cc997f3e69e9be801c9 for versions prior to 0.15.

**Name of the Vulnerable Software and Affected Versions** GNU LibreDWG versions prior to 0.15 **Description** A security flaw in the DWG File Handler component occurs within the `dwg next entity()` function of the `src/decode.c` file. The issue is caused by incorrect resource cleanup or release, leading to a null pointer dereference. This can be exploited by a local attacker to cause a denial of service (DoS), which is a condition where the system or application becomes unavailable to its intended users. **Recommendations** Update to a version later than 0.14. As a temporary workaround, restrict access to the `dwg next entity()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GNU LibreDWG versions prior to 0.15 **Description** A weakness in the Dwggrep Utility component allows an out-of-bounds read, which occurs when the system accesses memory outside the intended boundary of a buffer. This issue is located in the `bit convert TU()` function within the `programs/dwggrep.c` file. A local attacker can exploit this to cause a denial of service. **Recommendations** Apply patch be996bf2178a40e98720f18c2414815d244413db. As a temporary workaround, restrict the use of the `bit convert TU()` function.

**Name of the Vulnerable Software and Affected Versions** GNU LibreDWG versions prior to 0.15 **Description** The `decompress R2004 section()` function within the `src/decode.c` file of the Dwgread Utility contains an uncontrolled reachable assertion. This issue allows a local attacker to cause a denial of service through specific manipulation. **Recommendations** Apply patch e501cb9926c1e9a07a0d1cc997f3e69e9be801c9 to remediate the issue. As a temporary workaround, restrict the use of the `decompress R2004 section()` function.

**Name of the Vulnerable Software and Affected Versions** GNU LibreDWG versions prior to 0.14 **Description** A heap-based buffer overflow occurs in the `read 2004 compressed section()` function within the `src/decode.c` file of the Dwgread Utility component. This issue can be triggered through local access and may lead to a denial of service. **Recommendations** Update to version 0.14 or later. As a temporary workaround, restrict local access to the Dwgread Utility component to minimize the risk of exploitation.