CVE-2021-45342 — Classic Buffer Overflow in Librecad

CWE-120 — Classic Buffer Overflow6 documents5 sources

Severity

7.8HIGHNVD

EPSS

1.9%

top 16.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Librecad Debian Librecad Debian Linux +1 more

Timeline

PublishedJan 25

Latest updateMar 15

Description

A buffer overflow vulnerability in CDataList of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/librecad< librecad 2.1.3-3 (bookworm)

▶Debianlibrecad/librecad< 2.1.3-1.3+deb11u1+3

▶Ubuntulibrecad/librecad< 2.1.3-1.2+deb10u1build0.20.04.1+2

▶NVDlibrecad/librecad2.1.3+1

Also affects: Debian Linux 10.0, 11.0, Fedora 34, 35

🔴Vulnerability Details

OSV

librecad vulnerabilities↗2023-03-15

▶

GHSA

GHSA-jvxq-fmg4-p4w2: A buffer overflow vulnerability in CDataList of the jwwlib component of LibreCAD 2↗2022-02-15

▶

OSV

CVE-2021-45342: A buffer overflow vulnerability in CDataList of the jwwlib component of LibreCAD 2↗2022-01-25

▶

📋Vendor Advisories

Ubuntu

LibreCAD vulnerabilities↗2023-03-15

▶

Debian

CVE-2021-45342: librecad - A buffer overflow vulnerability in CDataList of the jwwlib component of LibreCAD...↗2021

▶