CVE-2023-36274

8.8 HIGH

📋 TL;DR

CVE-2023-36274 is a heap buffer overflow vulnerability in LibreDWG's bit_write_TF function that allows attackers to execute arbitrary code or cause denial of service. This affects systems using LibreDWG v0.11 to v0.12.5 for processing DWG files. Users and applications that handle untrusted DWG files are at risk.

💻 Affected Systems

Products:
  • LibreDWG
Versions: v0.11 to v0.12.5
Operating Systems: Linux, Windows, macOS, BSD
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using LibreDWG library to process DWG files is vulnerable. This includes CAD software, file converters, and web applications with DWG processing capabilities.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment

🟠 Likely Case: Application crash (denial of service) when processing malicious DWG files

🟢 If Mitigated: Limited impact with proper sandboxing and file validation controls

🌐 Internet-Facing: MEDIUM - Requires processing untrusted DWG files, which is common in web applications handling CAD uploads
🏢 Internal Only: LOW - Internal users typically process trusted files, but risk exists with external file sharing

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Proof-of-concept exists in GitHub issues. Exploitation requires crafting a malicious DWG file that triggers the buffer overflow when processed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v0.12.6 and later

Vendor Advisory: https://github.com/LibreDWG/libredwg/commit/8651fa27dd2de731e706e2ba09f0d28e4e0dce33

Restart Required: Yes

Instructions:

1. Update LibreDWG to version 0.12.6 or later.
2. Rebuild any applications using LibreDWG.
3. Restart services using the library.

🔧 Temporary Workarounds

Disable DWG file processing (platform: all)

Temporarily disable LibreDWG functionality or block DWG file uploads/processing.

Sandbox LibreDWG processes (platform: linux)

Run LibreDWG in isolated containers with limited permissions:

docker run --read-only --cap-drop=ALL -v /tmp:/tmp:ro your_app

🧯 If You Can't Patch

  • Implement strict file validation: reject malformed DWG files before processing
  • Deploy application sandboxing with minimal privileges and network restrictions

🔍 How to Verify

Check if Vulnerable:

Check LibreDWG version: libredwg --version or examine library files

Check Version:

libredwg --version 2>/dev/null || strings /usr/lib/libredwg.so | grep 'libredwg'

Verify Fix Applied:

Confirm version is 0.12.6 or later and test with known malicious DWG files
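As an added example (not part of this advisory or of the LibreDWG project), a POSIX shell helper that classifies a reported version string against the affected range (v0.11 to v0.12.5) and the fixed version (0.12.6) stated above. The banner text `libredwg 0.12.5` is a constructed sample; the assumption is that the version appears as a dotted numeric token with an optional leading "v".

```shell
#!/bin/sh
# Added example: compare a LibreDWG version string against CVE-2023-36274's
# affected range (0.11 .. 0.12.5) and fixed version (0.12.6).
# Assumption: versions are MAJOR.MINOR[.PATCH], optional leading "v";
# missing components count as 0.

# vercmp A B: prints -1, 0 or 1 for A<B, A=B, A>B (first three components)
vercmp() {
    a="$(printf '%s' "$1" | sed 's/^v//').0.0"
    b="$(printf '%s' "$2" | sed 's/^v//').0.0"
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s' "$a" | cut -d. -f"$i" | tr -cd '0-9')
        y=$(printf '%s' "$b" | cut -d. -f"$i" | tr -cd '0-9')
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then printf '%s\n' -1; return; fi
        if [ "$x" -gt "$y" ]; then printf '%s\n' 1; return; fi
        i=$((i + 1))
    done
    printf '%s\n' 0
}

# cve_2023_36274_status VERSION: prints "fixed", "vulnerable" or
# "outside-advisory-range" (older than 0.11, which the advisory does not cover)
cve_2023_36274_status() {
    if [ "$(vercmp "$1" 0.12.6)" -ge 0 ]; then
        printf '%s\n' fixed
    elif [ "$(vercmp "$1" 0.11)" -ge 0 ]; then
        printf '%s\n' vulnerable
    else
        printf '%s\n' outside-advisory-range
    fi
}

# extract_version TEXT: first dotted numeric token in TEXT, e.g. from a
# version banner or a `strings` hit on the shared library
extract_version() {
    printf '%s\n' "$1" | grep -o '[0-9][0-9]*\.[0-9][0-9]*\(\.[0-9][0-9]*\)*' | head -n 1
}

# Constructed sample banner (not real tool output) run through the check
sample_banner='libredwg 0.12.5'
printf '%s -> %s\n' "$sample_banner" "$(cve_2023_36274_status "$(extract_version "$sample_banner")")"
```

Feed the function the version from `libredwg --version` or from the `strings` check above; anything reported as vulnerable needs the 0.12.6 update.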

📡 Detection & Monitoring

Log Indicators:

  • Segmentation faults in LibreDWG processes
  • Abnormal memory usage patterns
  • Repeated crashes when processing DWG files

Network Indicators:

  • Unusual DWG file uploads to web applications
  • Large DWG files triggering processing errors

SIEM Query:

process_name:"libredwg" AND (event_type:"crash" OR memory_usage:>threshold)
