librecad (2.1.2-1ubuntu0.1) bionic-security; urgency=medium
* SECURITY UPDATE: DoS due to write access violation in libdxfrw
- debian/patches/CVE-2018-19105.patch: prevent write access
violation when a malicious DXF is read in
libraries/libdxfrw/src/drw_header.cpp and
libraries/libdxfrw/src/libdxfrw.cpp.
- CVE-2018-19105
* SECURITY UPDATE: code execution due to heap overflow in copyCompBytes18
- debian/patches/CVE-2021-21898.patch: perform bound checking when
processing a DWG file through dwgCompressor::decompress18 in
src/intern/dwgreader18.cpp, src/intern/dwgreader18.h,
src/intern/dwgutil.cpp and src/intern/dwgutil.h.
- CVE-2021-21898
* SECURITY UPDATE: code execution due to heap overflow in copyCompBytes21
- debian/patches/CVE-2021-21899.patch: perform bound checking when
processing a DWG file through dwgCompressor::decompress21 in
src/intern/dwgreader21.cpp, src/intern/dwgutil.cpp and
src/intern/dwgutil.h.
- CVE-2021-21899
* SECURITY UPDATE: heap use-after-free in DRW_TableEntry::parseCode
- debian/patches/CVE-2021-21900.patch: allow any coordinate order
in when processing a DRW file through DRW_TableEntry::parseCode
in src/drw_objects.cpp and src/drw_objects.h.
- CVE-2021-21900
* SECURITY UPDATE: code execution due to stack overflow in CDataMoji
- debian/patches/CVE-2021-45341.patch: perform bound checking
when processing JWW files in libraries/jwwlib/src/jwwdoc.h.
- CVE-2021-45341
* SECURITY UPDATE: code execution due to stack overflow in CDataList
- debian/patches/CVE-2021-45342.patch: perform bound checking
when processing JWW files in libraries/jwwlib/src/jwwdoc.h.
- CVE-2021-45342
* SECURITY UPDATE: DoS due to NULL pointer dereference in DXF parser
- debian/patches/CVE-2021-45343.patch: add NULL check when
handling hatch code 93 in
libraries/libdxfrw/src/drw_entities.cpp.
- CVE-2021-45343
-- David Fernandez Gonzalez <email address hidden> Mon, 13 Mar 2023 09:44:40 +0100
