CVE-2021-45341 — Classic Buffer Overflow in Librecad

CWE-120 — Classic Buffer Overflow6 documents5 sources

Severity

8.8HIGHNVD

OSV7.8

EPSS

3.8%

top 11.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Librecad Debian Librecad Debian Linux +1 more

Timeline

PublishedJan 25

Latest updateMar 15

Description

A buffer overflow vulnerability in CDataMoji of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/librecad< librecad 2.1.3-3 (bookworm)

▶NVDlibrecad/librecad< 2.2.0+1

▶Debianlibrecad/librecad< 2.1.3-1.3+deb11u1+3

▶Ubuntulibrecad/librecad< 2.1.3-1.2+deb10u1build0.20.04.1+2

Also affects: Debian Linux 10.0, 11.0, Fedora 34, 35

🔴Vulnerability Details

OSV

librecad vulnerabilities↗2023-03-15

▶

GHSA

GHSA-9882-476q-39vf: A buffer overflow vulnerability in CDataMoji of the jwwlib component of LibreCAD 2↗2022-02-15

▶

OSV

CVE-2021-45341: A buffer overflow vulnerability in CDataMoji of the jwwlib component of LibreCAD 2↗2022-01-25

▶

📋Vendor Advisories

Ubuntu

LibreCAD vulnerabilities↗2023-03-15

▶

Debian

CVE-2021-45341: librecad - A buffer overflow vulnerability in CDataMoji of the jwwlib component of LibreCAD...↗2021

▶