CVE-2021-21899: Improper Restriction of Operations within the Bounds of a Memory Buffer in LibreCAD

Severity
NVD: 8.8 HIGH
OSV: 7.8
EPSS: 0.4% (top 37.01%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: 2021-11-19
Latest update: 2023-03-15

Description

A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
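The description names the bug class but not the code. As an added example, written for this page and not taken from LibreCAD or libdxfrw, the block below models a decompressor's byte-copy routine that takes a chunk length from the file, with the bounds check such a routine needs before copying. The record format ([1-byte length][payload] repeated), the struct and the function names are assumptions; the real dwgCompressor::copyCompBytes21 and its fix are not reproduced here.

```c
/*
 * Added example: a hypothetical model of the bug class in the description,
 * not libdxfrw's dwgCompressor::copyCompBytes21. The record format
 * ([1-byte length][payload]...), struct and function names are assumptions.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Cursor over a bounded buffer: the decompressor reads src and writes dst. */
struct buf {
    uint8_t *data;
    size_t   len;   /* allocated size */
    size_t   pos;   /* next index to read or write */
};

/*
 * Checked chunk copy: refuses (and copies nothing) if n bytes would run past
 * the end of either buffer. Comparing n against the remaining space, rather
 * than computing pos + n, cannot wrap when n comes straight from the file.
 */
bool copy_comp_bytes_checked(struct buf *src, struct buf *dst, size_t n)
{
    if (src->pos > src->len || dst->pos > dst->len)
        return false;
    if (n > src->len - src->pos || n > dst->len - dst->pos)
        return false;
    memcpy(dst->data + dst->pos, src->data + src->pos, n);
    src->pos += n;
    dst->pos += n;
    return true;
}

/*
 * Toy compressed-section decoder: repeats [length byte][payload] until the
 * input is consumed. Returns the decoded byte count, or -1 when a record
 * claims more bytes than remain in the input or fit in the output; an
 * unchecked copy would instead read and write out of bounds here.
 */
long decode_section(const uint8_t *in, size_t in_len, uint8_t *out, size_t out_len)
{
    struct buf src = { (uint8_t *)in, in_len, 0 };   /* never written through */
    struct buf dst = { out, out_len, 0 };

    while (src.pos < src.len) {
        size_t n = in[src.pos++];                    /* attacker-controlled length */
        if (!copy_comp_bytes_checked(&src, &dst, n))
            return -1;
    }
    return (long)dst.pos;
}

/* Constructed inputs for the demo. */
static const uint8_t WELL_FORMED[] = { 3, 'a', 'b', 'c', 2, 'd', 'e' };  /* 5 payload bytes */
static const uint8_t CRAFTED_LEN[] = { 0xFF, 'x', 'y' };                 /* claims 255, has 2 */
static const uint8_t BIG_RECORD[]  = { 3, 'a', 'b', 'c' };               /* valid input, too big for a 2-byte output */

long demo_well_formed(void)  { uint8_t out[16]; return decode_section(WELL_FORMED, sizeof WELL_FORMED, out, sizeof out); }
long demo_crafted_len(void)  { uint8_t out[16]; return decode_section(CRAFTED_LEN, sizeof CRAFTED_LEN, out, sizeof out); }
long demo_small_output(void) { uint8_t out[2];  return decode_section(BIG_RECORD,  sizeof BIG_RECORD,  out, sizeof out); }

/* A length near SIZE_MAX must be rejected without pos + n wrapping around. */
bool demo_rejects_wraparound(void)
{
    uint8_t s[4] = { 1, 2, 3, 4 }, d[4] = { 0 };
    struct buf src = { s, sizeof s, 2 }, dst = { d, sizeof d, 0 };
    return !copy_comp_bytes_checked(&src, &dst, SIZE_MAX) && src.pos == 2 && dst.pos == 0;
}

int main(void)
{
    printf("well-formed input : %ld bytes decoded\n", demo_well_formed());   /* 5 */
    printf("crafted length    : %ld (rejected)\n",    demo_crafted_len());   /* -1 */
    printf("output too small  : %ld (rejected)\n",    demo_small_output());  /* -1 */
    printf("SIZE_MAX length   : %s\n", demo_rejects_wraparound() ? "rejected" : "BUG");
    return 0;
}
```

The point of the check is that both the source remainder and the destination remainder are compared against the file-supplied length before any byte moves; a routine that only advances indices by the claimed length, as the unchecked pattern does, reads and writes past the heap allocations a crafted .dwg was sized to fit.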

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9
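Added example, written for this page from the public CVSS v3.1 specification and not code from cvebase, NVD or OSV: the base-score arithmetic for the vector above. It reproduces the 8.8 / Exploitability 2.8 / Impact 5.9 shown here, and also evaluates the same vector with AV:L, which yields 7.8. That this is how the OSV score of 7.8 arises is an assumption, since the page gives no vector for the OSV rating.

```c
/*
 * Added example: CVSS v3.1 base-score arithmetic from the public
 * specification (Section 7 and Appendix A). Not cvebase's, NVD's or OSV's
 * code. Base metrics only; no temporal or environmental metrics.
 */
#include <stdio.h>
#include <string.h>

/* Spec Roundup(): smallest one-decimal value >= input, done on integers
 * after rounding to 5 decimals, exactly as the specification prescribes. */
static double roundup(double d)
{
    long i = (long)(d * 100000.0 + 0.5);
    if (i % 10000 == 0)
        return i / 100000.0;
    return (i / 10000 + 1) / 10.0;    /* integer division is floor for i >= 0 */
}

static double w_av(char v)  { return v == 'N' ? 0.85 : v == 'A' ? 0.62 : v == 'L' ? 0.55 : 0.20; }
static double w_ac(char v)  { return v == 'L' ? 0.77 : 0.44; }
static double w_ui(char v)  { return v == 'N' ? 0.85 : 0.62; }
static double w_cia(char v) { return v == 'H' ? 0.56 : v == 'L' ? 0.22 : 0.0; }
/* Privileges Required depends on Scope: the changed-scope weights are higher. */
static double w_pr(char v, char scope)
{
    if (v == 'N') return 0.85;
    if (v == 'L') return scope == 'C' ? 0.68 : 0.62;
    return scope == 'C' ? 0.50 : 0.27;
}

/* Parses "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" and returns the base
 * score; unrounded sub-scores are written to *expl and *imp when non-NULL. */
double cvss31_base(const char *vector, double *expl, double *imp)
{
    char buf[128], av = 0, ac = 0, pr = 0, ui = 0, s = 'U', c = 0, i = 0, a = 0;
    strncpy(buf, vector, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';

    for (char *tok = strtok(buf, "/"); tok; tok = strtok(NULL, "/")) {
        char *colon = strchr(tok, ':');
        if (!colon) continue;
        *colon = '\0';
        char v = colon[1];
        if      (!strcmp(tok, "AV")) av = v;
        else if (!strcmp(tok, "AC")) ac = v;
        else if (!strcmp(tok, "PR")) pr = v;
        else if (!strcmp(tok, "UI")) ui = v;
        else if (!strcmp(tok, "S"))  s  = v;
        else if (!strcmp(tok, "C"))  c  = v;
        else if (!strcmp(tok, "I"))  i  = v;
        else if (!strcmp(tok, "A"))  a  = v;
        /* "CVSS:3.1" and unknown keys are ignored */
    }

    double iss = 1.0 - (1.0 - w_cia(c)) * (1.0 - w_cia(i)) * (1.0 - w_cia(a));
    double impact;
    if (s == 'C') {
        double t = iss - 0.02, p = 1.0;
        for (int k = 0; k < 15; k++) p *= t;          /* (ISS - 0.02)^15 */
        impact = 7.52 * (iss - 0.029) - 3.25 * p;
    } else {
        impact = 6.42 * iss;
    }
    double exploitability = 8.22 * w_av(av) * w_ac(ac) * w_pr(pr, s) * w_ui(ui);

    if (expl) *expl = exploitability;
    if (imp)  *imp  = impact;
    if (impact <= 0.0) return 0.0;

    double sum = (s == 'C') ? 1.08 * (impact + exploitability) : impact + exploitability;
    return roundup(sum > 10.0 ? 10.0 : sum);
}

/* Tolerance compare used by the demo and the checks. */
int approx(double x, double y) { double d = x - y; return d < 1e-6 && d > -1e-6; }

int main(void)
{
    const char *nvd   = "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"; /* vector on this page */
    const char *local = "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"; /* AV:L variant (assumed OSV rating) */
    double e, m;
    printf("%s -> %.1f (expl %.1f, impact %.1f)\n", nvd, cvss31_base(nvd, &e, &m), e, m);     /* 8.8 (2.8, 5.9) */
    printf("%s -> %.1f (expl %.1f, impact %.1f)\n", local, cvss31_base(local, &e, &m), e, m); /* 7.8 (1.8, 5.9) */
    return 0;
}
```

The only metric that differs between the two scores is Attack Vector: NVD rates a file-parsing bug as Network (the file can arrive over a network, user interaction required), while a Local rating treats it as needing local delivery; the impact sub-score is identical in both.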

Affected Packages (4 packages)

  Source   Package              Affected / fixed versions
  NVD      librecad/libdxfrw    2.2.0-rc2-19-ge02f3580 (affected)
  Debian   debian/librecad      < 2.1.3-2 (bookworm)
  Debian   librecad/librecad    < 2.1.3-1.3+deb11u1+3
  Ubuntu   librecad/librecad    < 2.1.3-1.2+deb10u1build0.20.04.1+2

Also affects: Debian Linux 10.0, 11.0, 9.0, Fedora 34, 35

🔴Vulnerability Details (3)

OSV: librecad vulnerabilities (2023-03-15)
GHSA: GHSA-xwm9-c4jc-crcp: A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2... (2022-05-24)
OSV: CVE-2021-21899: A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2... (2021-11-19)

📋Vendor Advisories (2)

Ubuntu: LibreCAD vulnerabilities (2023-03-15)
Debian: CVE-2021-21899: librecad - A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 func... (2021)

🕵️Threat Intelligence (1)

Talos: Vulnerability Spotlight: Multiple code execution vulnerabilities in LibreCAD (2021-11-17)