SB2021111925 - Multiple vulnerabilities in LibreCAD libdxfrw
Published: November 19, 2021 Updated: December 19, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2021-21900)
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to a use-after-free error in the dxfRW::processLType() function. A remote attacker can trick the victim into opening a specially crafted .dwg file, trigger use-after-free, and execute arbitrary code on the target system.
2) Buffer overflow (CVE-ID: CVE-2021-21899)
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to a boundary error in the dwgCompressor::copyCompBytes21 function. A remote attacker can trick the victim into opening a specially crafted .dwg file, trigger heap buffer overflow, and execute arbitrary code on the target system.
3) Out-of-bounds write (CVE-ID: CVE-2021-21898)
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to a boundary error in the dwgCompressor::decompress18() function. A remote attacker can trick the victim into opening a specially crafted .dwg file, trigger out-of-bounds write and execute arbitrary code on the target system.
Remediation
Install update from vendor's website.
References
- https://talosintelligence.com/vulnerability_reports/TALOS-2021-1351
- https://github.com/LibreCAD/libdxfrw/commit/fcd977cc7f8f6cc7f012e5b72d33cf7d77b3fa69
- https://talosintelligence.com/vulnerability_reports/TALOS-2021-1350
- https://github.com/LibreCAD/libdxfrw/commit/6417118874333309aa10c4e59f954c3905a6e8b5
- https://talosintelligence.com/vulnerability_reports/TALOS-2021-1349