CVE-2021-21897: Integer Underflow (Wrap or Wraparound) in Dxflib

Severity: 8.8 HIGH (NVD)
EPSS: 2.8% (top 13.94%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline:
  Published: Sep 8
  Latest update: May 24

Description

A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. A specially crafted .dxf file can lead to a heap buffer overflow; the root cause is classified as an integer underflow (wrap or wraparound, CWE-191). An attacker can provide a malicious file to trigger this vulnerability; since dxflib is a parsing library, the file must be opened by an application that embeds it (the Debian packages listed below are examples).
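To make the bug class concrete, the following is an added illustration written for this page, not dxflib's code and not a reconstruction of the actual CVE-2021-21897 defect. It shows the unsafe "index < count - 1" bound that an integer underflow defeats, next to a small hardened reader for the vertex-count and vertex-coordinate group codes of a DXF LWPOLYLINE (group code 90 = vertex count, 10/20 = X/Y of a vertex). The MAX_VERTS ceiling, the function names and all inputs are assumptions constructed for the example.

```c
/* Added illustration of the CWE-191 pattern behind heap-overflow bugs in
 * group-code driven DXF parsers. Not dxflib's code; all inputs constructed. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_VERTS 100000u   /* assumed policy ceiling per polyline, not a dxflib value */

typedef struct {
    double *xy;     /* two doubles per vertex: x then y */
    size_t  cap;    /* vertices declared by group code 90 */
    size_t  count;  /* vertices started so far (each group code 10 starts one) */
} lwpoly;

/* Unsafe pattern (CWE-191): a bound computed as "capacity - 1" on an unsigned
 * value. A declared count of 0 wraps the bound to SIZE_MAX, every index passes,
 * and the caller writes through a never-allocated or far-too-small buffer. */
bool unsafe_slot_ok(size_t capacity, size_t idx) {
    return idx < capacity - 1;
}

/* Hardened check: compare, never subtract from the untrusted value. */
bool safe_slot_ok(size_t capacity, size_t idx) {
    return capacity != 0 && idx < capacity;
}

/* Parse a strictly positive, bounded decimal vertex count (group code 90). */
static bool parse_count(const char *s, size_t *out) {
    char *end;
    errno = 0;
    long long v = strtoll(s, &end, 10);
    if (errno != 0 || end == s || *end != '\0') return false;
    if (v <= 0 || (unsigned long long)v > MAX_VERTS) return false;
    *out = (size_t)v;
    return true;
}

/* Copy one line (minus newline) into out; return start of the next line or NULL. */
static const char *next_line(const char *s, char *out, size_t outsz) {
    if (s == NULL || *s == '\0') return NULL;
    const char *nl = strchr(s, '\n');
    size_t len = nl ? (size_t)(nl - s) : strlen(s);
    if (len >= outsz) len = outsz - 1;
    memcpy(out, s, len);
    out[len] = '\0';
    return nl ? nl + 1 : s + strlen(s);
}

/* text holds "code\nvalue\n" pairs as found inside an LWPOLYLINE entity.
 * Returns true and fills p on success; on malformed or out-of-bounds input it
 * frees everything and leaves p empty rather than clamping or guessing. */
bool parse_lwpolyline(const char *text, lwpoly *p) {
    char code[64], val[64];
    const char *s = text;
    bool ok = true;
    memset(p, 0, sizeof *p);
    while (ok && (s = next_line(s, code, sizeof code)) != NULL) {
        s = next_line(s, val, sizeof val);
        if (s == NULL) { ok = false; break; }            /* code without a value */
        int gc = atoi(code);
        if (gc == 90) {
            if (p->xy != NULL) { ok = false; break; }    /* second count would reallocate under live indices */
            if (!parse_count(val, &p->cap)) { ok = false; break; }
            p->xy = calloc(p->cap, 2 * sizeof(double));  /* cap <= MAX_VERTS, size cannot overflow */
            if (p->xy == NULL) { ok = false; break; }
        } else if (gc == 10) {                           /* X starts a new vertex */
            if (!safe_slot_ok(p->cap, p->count)) { ok = false; break; } /* no count yet, or too many vertices */
            p->count++;
            p->xy[2 * (p->count - 1)] = strtod(val, NULL);
        } else if (gc == 20) {                           /* Y of the current vertex */
            if (p->count == 0) { ok = false; break; }    /* Y before any X */
            p->xy[2 * (p->count - 1) + 1] = strtod(val, NULL);
        }
        /* other group codes (8 layer, 70 flags, 42 bulge, ...) are skipped here */
    }
    if (!ok) { free(p->xy); memset(p, 0, sizeof *p); }
    return ok;
}

int main(void) {
    /* constructed inputs: a benign triangle and a crafted zero-count entity */
    const char *benign  = "90\n3\n10\n0.0\n20\n0.0\n10\n1.0\n20\n0.0\n10\n1.0\n20\n1.0\n";
    const char *crafted = "90\n0\n10\n1.0\n20\n2.0\n";
    lwpoly p;
    printf("unsafe check, count 0, index 123456: %s\n", unsafe_slot_ok(0, 123456) ? "ACCEPTED" : "rejected");
    printf("safe   check, count 0, index 123456: %s\n", safe_slot_ok(0, 123456) ? "ACCEPTED" : "rejected");
    printf("benign:  %s (%zu vertices)\n", parse_lwpolyline(benign, &p) ? "ok" : "rejected", p.count);
    free(p.xy);
    printf("crafted: %s\n", parse_lwpolyline(crafted, &p) ? "ok" : "rejected");
    return 0;
}
```

The design point a reviewer of a DXF reader should look for: the vertex count is attacker-controlled, so it must be validated once (positive, bounded, seen exactly once before any vertex data) and then used only in plain comparisons; any subtraction, multiplication or signed/unsigned conversion on it is where the wraparound hides.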

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (7 packages)

Source   Package              Affected versions
Debian   ribbonsoft/dxflib    < 3.26.4-1+2
NVD      ribbonsoft/dxflib    3.17.0
debian   debian/dxflib        < cloudcompare 2.11.3-7.1 (bookworm)
debian   debian/librecad      < cloudcompare 2.11.3-7.1 (bookworm)
debian   debian/horizon-eda   < cloudcompare 2.11.3-7.1 (bookworm)

Also affects: Debian Linux 9.0, Fedora 35, 36, 37

🔴 Vulnerability Details (2)

GHSA (2022-05-24): GHSA-ghgg-v38h-7v7m: A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3...
OSV (2021-09-08): CVE-2021-21897: A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3...

📋 Vendor Advisories (1)

Debian (2021): CVE-2021-21897: cloudcompare - A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functi...

🕵️ Threat Intelligence

Talos (2021-09-07): Vulnerability Spotlight: Heap buffer overflow vulnerability in Ribbonsoft dxflib library
CVE-2021-21897 — Integer Underflow (Wrap or Wraparound) | cvebase