SUSE Package Hub - openSUSE-2023-201

Update Info

openSUSE-2023-201

Security update for libredwg

Type: security

Severity: important

Issued: 2023-08-02

Description:

This update for libredwg fixes the following issues:

Update to version 0.12.5.5907

Security issues fixed:

* CVE-2022-33025: Fixed multiple security issues [boo#1200898]
* CVE-2023-36271: Fixed heap buffer overflow via the function bit_wcs2nlen [boo#1212709]
* CVE-2023-36272: Fixed heap buffer overflow via the function bit_utf8_to_TU [boo#1212707]
* CVE-2023-36273: Fixed heap buffer overflow via the function bit_calc_CRC [boo#1212706]
* CVE-2023-36274: Fixed heap buffer overflow via the function bit_write_TF [boo#1212705]

References

CVE: CVE-2023-36274
CVE: CVE-2023-36273
CVE: CVE-2023-36272
CVE: CVE-2023-36271
CVE: CVE-2022-33025
Bugzilla: 1212709 VUL-0: CVE-2023-36271: libredwg: heap buffer overflow via the function bit_wcs2nlen at bits.c.
Bugzilla: 1212707 VUL-0: CVE-2023-36272: libredwg: heap buffer overflow via the function bit_utf8_to_TU at bits.c.
Bugzilla: 1212706 VUL-0: CVE-2023-36273: libredwg: heap buffer overflow via the function bit_calc_CRC at bits.c.
Bugzilla: 1212705 VUL-0: CVE-2023-36274: libredwg: heap buffer overflow via the function bit_write_TF at bits.c.
Bugzilla: 1200898 VUL-0: CVE-2022-33025: libredwg: Multiple issues were discovered in LibreDWG v0.12.4.4608

Packages

libredwg-0.12.5.5907-bp155.3.3.1