CVE-2021-21899

December 3, 2021

A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Summary:

A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Reference Links(if available):

  • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1350
  • https://lists.fedoraproject.org/archives/list/[email protected]/message/RDI3HCTCACMIC7I4ILB3NRU6DCMADI5H/
  • https://lists.fedoraproject.org/archives/list/[email protected]/message/ZTIAMP7QJDKV4ADDLR4GVVX2TXYLHVOZ/
  • https://lists.debian.org/debian-lts-announce/2021/12/msg00002.html

  • CVSS Score (if available)

    v2: / MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P

    v3: / HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

    Links to Exploits(if available)

  • Tags: , , , ,

    You may have missed

    ransomhouse 1

    RansomHouse Ransomware Victim: STERCH – INTERNATIONAL s[.]r[.]o[.]

    April 24, 2024
    ransomhouse 1

    RansomHouse Ransomware Victim: Bank Pembangunan Daerah Banten Tbk PT

    April 24, 2024
    BianLian

    BianLian Ransomware Victim: defi SOLUTIONS[.]

    April 24, 2024
    CISA Logo

    CISA: Juniper Releases Security Bulletin for Multiple Juniper Products

    April 24, 2024
    CISA Logo

    CISA: Joint Guidance on Deploying AI Systems Securely

    April 24, 2024