{"id":"CVE-2023-26157","details":"Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section-\u003enum_pages in decode_r2007.c.","modified":"2026-04-12T01:01:12.859416Z","published":"2024-01-02T05:15:08.160Z","related":["openSUSE-SU-2024:0147-1","openSUSE-SU-2024:13544-1"],"references":[{"type":"ADVISORY","url":"https://security.snyk.io/vuln/SNYK-UNMANAGED-LIBREDWG-6070730"},{"type":"FIX","url":"https://github.com/LibreDWG/libredwg/issues/850"},{"type":"FIX","url":"https://github.com/LibreDWG/libredwg/commit/c8cf03ce4c2315b146caf582ea061c0460193bcc"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libredwg/libredwg","events":[{"introduced":"0"},{"fixed":"c8cf03ce4c2315b146caf582ea061c0460193bcc"}]},{"type":"GIT","repo":"https://github.com/libredwg/libredwg","events":[{"introduced":"0"},{"fixed":"c8cf03ce4c2315b146caf582ea061c0460193bcc"}]}],"versions":["0.10","0.10.1","0.11","0.11.1","0.12","0.12.1","0.12.2","0.12.3","0.12.4","0.12.5","0.3","0.4-dev","0.4.900","0.4.924","0.4.938","0.5","0.6","0.6.1","0.6.2","0.7","0.8","0.9","0.9.1","0.9.2","0.9.3"],"database_specific":{"vanir_signatures_modified":"2026-04-12T01:01:12Z","vanir_signatures":[{"signature_version":"v1","deprecated":false,"target":{"file":"src/decode_r2007.c"},"source":"https://github.com/libredwg/libredwg/commit/c8cf03ce4c2315b146caf582ea061c0460193bcc","digest":{"threshold":0.9,"line_hashes":["217006450614870285968411797597213745219","200706603769390820511484186268904804199","38104450548866259470583206905950188169","303697867301622723522280517863464584893","115605732533553649165626545854261113058","22212419603647471472522465378850361177","22554465166310408426460977972658723346","314017014099522294806481809755598986064","70930589516202847693881906648549197449","127274737622797487522345195260003544710","57497177010789217660494105716751843323","174370191963990853808538478198741893999","285854601670524749403956162567165650546"]},"signature_type":"Line","id":"CVE-2023-26157-6f3c3ead"},{"signature_version":"v1","deprecated":false,"target":{"function":"read_data_section","file":"src/decode_r2007.c"},"source":"https://github.com/libredwg/libredwg/commit/c8cf03ce4c2315b146caf582ea061c0460193bcc","digest":{"function_hash":"148999153941967560062922587411455634690","length":2382},"signature_type":"Function","id":"CVE-2023-26157-a7b1b0e3"},{"signature_version":"v1","deprecated":false,"target":{"function":"read_sections_map","file":"src/decode_r2007.c"},"source":"https://github.com/libredwg/libredwg/commit/c8cf03ce4c2315b146caf582ea061c0460193bcc","digest":{"function_hash":"209595528848737100881183906464845156106","length":4610},"signature_type":"Function","id":"CVE-2023-26157-f027f795"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-26157.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"0.12.5.6384"}]},{"events":[{"introduced":"0"},{"fixed":"0.12.5.6384"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}