Changelog
librecad (2.1.3-1.2+deb10u1) buster-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * CVE-2021-21898: A code execution vulnerability exists in the
    dwgCompressor::decompress18() functionality of LibreCad libdxfrw. A
    specially-crafted .dwg file can lead to an out-of-bounds write.
  * CVE-2021-21899: A code execution vulnerability exists in the
    dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw. A
    specially-crafted .dwg file can lead to a heap buffer overflow.
  * CVE-2021-21900: A code execution vulnerability exists in the
    dxfRW::processLType() functionality of LibreCad libdxfrw. A
    specially-crafted .dxf file can lead to a use-after-free
    vulnerability.
  * CVE-2021-45341: Buffer overflow vulnerabilities in CDataMoji of the jwwlib
    component of LibreCAD allow an attacker to achieve Remote Code Execution
    using a crafted JWW document.
  * CVE-2021-45342: Buffer overflow vulnerabilities in CDataList of the jwwlib
    component of LibreCAD allow an attacker to achieve Remote Code Execution
    using a crafted JWW document.
  * CVE-2021-45343: A NULL pointer dereference in the HATCH handling of
    libdxfrw allows an attacker to crash the application using a crafted DXF
    document.

 -- Aron Xu <email address hidden>  Sun, 30 Jan 2022 22:53:52 +0800