{"id":"CVE-2023-36272","details":"LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_utf8_to_TU at bits.c.","modified":"2026-05-30T06:58:54.461612Z","published":"2023-06-23T00:00:00Z","related":["openSUSE-SU-2023:0201-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/36xxx/CVE-2023-36272.json","cna_assigner":"mitre"},"references":[{"type":"WEB","url":"https://github.com/LibreDWG/libredwg/blob/0.10/src/bits.c#L1677C11-L1683C17"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/36xxx/CVE-2023-36272.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36272"},{"type":"REPORT","url":"https://github.com/LibreDWG/libredwg/issues/681#BUG1"},{"type":"FIX","url":"https://github.com/LibreDWG/libredwg/commit/c1ed1d91e28a6ddc7a9b5479d4795d58fb6be0ca"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libredwg/libredwg","events":[{"introduced":"0"},{"fixed":"c1ed1d91e28a6ddc7a9b5479d4795d58fb6be0ca"}],"database_specific":{"source":"REFERENCES"}}],"versions":["0.12.5","0.12.4","0.12.3","0.12.2","0.12.1","0.12","0.11.1","0.11","0.10.1","0.10","0.9.3","0.9.2","0.9.1","0.9","0.8","0.7","0.6.2","0.6.1","0.6","0.5","0.4.938","0.4.924","0.4.900","0.4-dev","0.3"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-36272.json","vanir_signatures":[{"id":"CVE-2023-36272-55aea3bc","deprecated":false,"signature_version":"v1","target":{"file":"src/bits.c"},"digest":{"line_hashes":["249007745773169331523370964499489407204","237302075916336588877092081607018317593","249265483650173177841406791148420484617","136523751170474483677426936851642365622","31049498572403266144605818511465268777","301439162832622592644511683632958394154","161357459133448800226732834474228988495","251564537423470642212202419726498746190","239882181519798547964139662347317107954","315249526982570630410699664353844827545","113316893772975962684367266995648844416","260654714819690124311711674036729906809","94440309368264071335982105027563009526","114293115556212422599863217966715546504","280924514309004725630205082446437007028","55830683233747113400596617532881853136","93352497787825666204063582528790681296","191244845108703236973565835028550990202","96465312549607822461535235165668348858","106695270940511029724150681723810134466"],"threshold":0.9},"source":"https://github.com/libredwg/libredwg/commit/c1ed1d91e28a6ddc7a9b5479d4795d58fb6be0ca","signature_type":"Line"},{"id":"CVE-2023-36272-9b29774d","deprecated":false,"signature_version":"v1","target":{"function":"bit_utf8_to_TU","file":"src/bits.c"},"digest":{"function_hash":"30984442895503724511475752818049538229","length":1494},"source":"https://github.com/libredwg/libredwg/commit/c1ed1d91e28a6ddc7a9b5479d4795d58fb6be0ca","signature_type":"Function"}],"vanir_signatures_modified":"2026-05-30T06:58:54Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}