libredwg-devel-0.12.5.5907-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13051-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libredwg-devel-0.12.5.5907-1.1 on GA media These are all security issues fixed in the libredwg-devel-0.12.5.5907-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13051 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-33025/ SUSE CVE CVE-2022-33025 page https://www.suse.com/security/cve/CVE-2023-36271/ SUSE CVE CVE-2023-36271 page https://www.suse.com/security/cve/CVE-2023-36273/ SUSE CVE CVE-2023-36273 page openSUSE Tumbleweed libredwg-devel-0.12.5.5907-1.1 libredwg-tools-0.12.5.5907-1.1 libredwg0-0.12.5.5907-1.1 libredwg-devel-0.12.5.5907-1.1 as a component of openSUSE Tumbleweed libredwg-tools-0.12.5.5907-1.1 as a component of openSUSE Tumbleweed libredwg0-0.12.5.5907-1.1 as a component of openSUSE Tumbleweed LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function decode_preR13_section at decode_r11.c. CVE-2022-33025 openSUSE Tumbleweed:libredwg-devel-0.12.5.5907-1.1 openSUSE Tumbleweed:libredwg-tools-0.12.5.5907-1.1 openSUSE Tumbleweed:libredwg0-0.12.5.5907-1.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-33025.html CVE-2022-33025 https://bugzilla.suse.com/1200898 SUSE Bug 1200898 LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c. CVE-2023-36271 openSUSE Tumbleweed:libredwg-devel-0.12.5.5907-1.1 openSUSE Tumbleweed:libredwg-tools-0.12.5.5907-1.1 openSUSE Tumbleweed:libredwg0-0.12.5.5907-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-36271.html CVE-2023-36271 https://bugzilla.suse.com/1212709 SUSE Bug 1212709 LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c. CVE-2023-36273 openSUSE Tumbleweed:libredwg-devel-0.12.5.5907-1.1 openSUSE Tumbleweed:libredwg-tools-0.12.5.5907-1.1 openSUSE Tumbleweed:libredwg0-0.12.5.5907-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-36273.html CVE-2023-36273 https://bugzilla.suse.com/1212706 SUSE Bug 1212706