Rurban

**Name of the Vulnerable Software and Affected Versions** dwgread versions prior to 0.12.4 **Description** A heap buffer overflow was discovered in the `copy compressed bytes` function in `decode r2007.c` via a crafted dwg file. **Recommendations** For versions prior to 0.12.4, update to version 0.12.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of crafted dwg files until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** dwgread versions prior to 0.12.4 **Description** A heap buffer overflow was discovered in the `copy bytes` function in `decode r2007.c` via a crafted dwg file. **Recommendations** For versions prior to 0.12.4, update to version 0.12.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of crafted dwg files until a patch is applied.

Name of the Vulnerable Software and Affected Versions: GNU LibreDWG versions 0.12.3.4163 through 0.12.3.4191 Description: The issue is related to a double-free error in the `bit chain free` function, which is called from `dwg encode MTEXT` and `dwg encode add object`. Recommendations: For GNU LibreDWG versions 0.12.3.4163 through 0.12.3.4191, consider updating to a version that fixes the double-free error in the `bit chain free` function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.