SUSE Package Hub - openSUSE-2022-155

Update Info

openSUSE-2022-155

Security update for libredwg

Type: security

Severity: moderate

Issued: 2022-05-27

Description:

This update for libredwg fixes the following issues:

Update to release 0.12.5 [boo#1193372] [CVE-2021-28237]

* Restricted accepted DXF objects to all stable and unstable
  classes, minus MATERIAL, ARC_DIMENSION, SUN, PROXY*. I.e.
  most unstable objects do not allow unknown DXF codes anymore.
  This fixed most oss-fuzz errors.

References

CVE: CVE-2021-28237
Bugzilla: 1193372 VUL-0: CVE-2021-28237: libredwg: heap-buffer overflow via decode_preR13.

Packages

libredwg-0.12.5-bp154.2.3.1