Debian Librecad vulnerabilities

9 known vulnerabilities affecting debian/librecad.

Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 7, MEDIUM 1, LOW 1

Vulnerabilities

CVE-2023-30259 | LOW | CVSS 5.5 | fixed in librecad 2.2.0.2-1 (forky) | 2023
[MEDIUM] CVE-2023-30259: librecad - A Buffer Overflow vulnerability in importshp plugin in LibreCAD 2.2.0 allows attackers to obtain sensitive information via a crafted DBF file.
Scope: local
bookworm: open; bullseye: open; forky: resolved (fixed in 2.2.0.2-1); sid: resolved (fixed in 2.2.0.2-1); trixie: resolved (fixed in 2.2.0.2-1)
debian
CVE-2021-21899 | HIGH | CVSS 8.8 | fixed in librecad 2.1.3-2 (bookworm) | 2021
[HIGH] CVE-2021-21899: librecad - A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Scope: local
bookworm: resolved (fixed in 2.1.3-2); bullseye: resolved (fixed in 2.1.3-1.3+deb1
debian
CVE-2021-21898 | HIGH | CVSS 8.8 | fixed in librecad 2.1.3-2 (bookworm) | 2021
[HIGH] CVE-2021-21898: librecad - A code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.
Scope: local
bookworm: resolved (fixed in 2.1.3-2); bullseye: resolved (fixed in 2.1.3-1.3+deb11
debian
CVE-2021-45341 | HIGH | CVSS 8.8 | fixed in librecad 2.1.3-3 (bookworm) | 2021
[HIGH] CVE-2021-45341: librecad - A buffer overflow vulnerability in CDataMoji of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document.
Scope: local
bookworm: resolved (fixed in 2.1.3-3); bullseye: resolved (fixed in 2.1.3-1.3+deb11u1); forky: resolved (fixed in 2.1.3-3); sid: resolved (fixed in 2.1.3-3); trixie: resolved
debian
CVE-2021-45342 | HIGH | CVSS 7.8 | fixed in librecad 2.1.3-3 (bookworm) | 2021
[HIGH] CVE-2021-45342: librecad - A buffer overflow vulnerability in CDataList of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document.
Scope: local
bookworm: resolved (fixed in 2.1.3-3); bullseye: resolved (fixed in 2.1.3-1.3+deb11u1); forky: resolved (fixed in 2.1.3-3); sid: resolved (fixed in 2.1.3-3); trixie: resolved
debian
CVE-2021-21897 | HIGH | CVSS 8.8 | fixed in cloudcompare 2.11.3-7.1 (bookworm) | 2021
[HIGH] CVE-2021-21897: cloudcompare - A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. A specially-crafted .dxf file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Scope: local
bookworm: resolved (fixed in 2.11.3-7.1); bullseye: open; forky: resolved (fixed in 2.11.3-7.1); s
debian
CVE-2021-21900 | HIGH | CVSS 8.8 | fixed in librecad 2.1.3-2 (bookworm) | 2021
[HIGH] CVE-2021-21900: librecad - A code execution vulnerability exists in the dxfRW::processLType() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dxf file can lead to a use-after-free vulnerability. An attacker can provide a malicious file to trigger this vulnerability.
Scope: local
bookworm: resolved (fixed in 2.1.3-2); bullseye: resolved (fixed in 2.1.3-1.3+deb11
debian
CVE-2021-45343 | MEDIUM | CVSS 5.5 | fixed in librecad 2.1.3-3 (bookworm) | 2021
[MEDIUM] CVE-2021-45343: librecad - In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of libdxfrw allows an attacker to crash the application using a crafted DXF document.
Scope: local
bookworm: resolved (fixed in 2.1.3-3); bullseye: resolved (fixed in 2.1.3-1.3+deb11u1); forky: resolved (fixed in 2.1.3-3); sid: resolved (fixed in 2.1.3-3); trixie: resolved (fixed in 2.1.3-3)
debian
CVE-2018-19105 | HIGH | CVSS 7.8 | fixed in librecad 2.1.3-1.2 (bookworm) | 2018
[HIGH] CVE-2018-19105: librecad - LibreCAD 2.1.3 allows remote attackers to cause a denial of service (0x89C04589 write access violation and application crash) or possibly have unspecified other impact via a crafted file.
Scope: local
bookworm: resolved (fixed in 2.1.3-1.2); bullseye: resolved (fixed in 2.1.3-1.2); forky: resolved (fixed in 2.1.3-1.2); sid: resolved (fixed in 2.1.3-1.2); trixie: resolv
debian