
Mageia 8 MGASA-2022-0151 Moderate: libdxfrw Code Execution Threats

Mageia, April 24, 2022
A Mageia 8 update to libdxfrw, the DWG/DXF library used by LibreCAD, fixes several memory-safety flaws that a crafted drawing file could use to crash the application or execute code.

Summary

A code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. (CVE-2021-21898)
A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. (CVE-2021-21899)
A code execution vulnerability exists in the dxfRW::processLType() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dxf file can lead to a use-after-free vulnerability. An attacker can provide a malicious file to trigger this vulnerability. (CVE-2021-21900)
In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of libdxfrw allows an attacker to crash the application usin...


References

- https://bugs.mageia.org/show_bug.cgi?id=29720
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RDI3HCTCACMIC7I4ILB3NRU6DCMADI5H/
- https://lists.debian.org/debian-lts-announce/2021/12/msg00002.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VUMH3CWGVSMR2UIZEA35Q5UB7PDVVVYS/
- https://www.cve.org/CVERecord?id=CVE-2021-21898
- https://www.cve.org/CVERecord?id=CVE-2021-21899
- https://www.cve.org/CVERecord?id=CVE-2021-21900
- https://www.cve.org/CVERecord?id=CVE-2021-45343

Resolution

SRPMS

- 8/core/libdxfrw-1.0.1-1.1.mga8
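The Resolution section identifies the fix only by its SRPM version-release, so the practical check on a Mageia 8 host is whether the installed build sorts at or past libdxfrw-1.0.1-1.1.mga8 under rpm's ordering rules. The Python below is an added example, not part of the advisory or of the libdxfrw project: it re-implements rpm's version comparison (rpmvercmp) and applies it to `rpm -q`-style package strings; the arch-suffix list and the assumption that binary packages built from the SRPM share its version-release are mine.

```python
import re

FIXED_NVR = "libdxfrw-1.0.1-1.1.mga8"  # SRPM named in the advisory's Resolution section

def rpmvercmp(a, b):
    """rpm's version/release ordering: 1 if a is newer, -1 if older, 0 if equal."""
    i = j = 0
    while i < len(a) or j < len(b):
        # separators (dots etc.) are skipped; '~' marks a pre-release
        while i < len(a) and not (a[i].isalnum() or a[i] == "~"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] == "~"):
            j += 1
        a_tilde, b_tilde = i < len(a) and a[i] == "~", j < len(b) and b[j] == "~"
        if a_tilde or b_tilde:  # '~' sorts before everything, even end of string
            if a_tilde != b_tilde:
                return 1 if b_tilde else -1
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        si, sj, isnum = i, j, a[i].isdigit()
        kind = str.isdigit if isnum else str.isalpha  # a run of digits or of letters
        while i < len(a) and kind(a[i]):
            i += 1
        while j < len(b) and kind(b[j]):
            j += 1
        seg_a, seg_b = a[si:i], b[sj:j]
        if not seg_b:  # segment types differ: a numeric segment is newer
            return 1 if isnum else -1
        if isnum:  # numeric: drop leading zeros, then the longer run is larger
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1  # whichever still has characters is newer

def split_nvr(nvr):
    """'name-version-release[.arch]' -> (version, release); arch list is an assumption."""
    nvr = re.sub(r"\.(x86_64|i586|aarch64|noarch|src)$", "", nvr)
    return tuple(nvr.rsplit("-", 2)[1:])

def is_fixed(installed_nvr, fixed_nvr=FIXED_NVR):
    """True when the installed version-release is at or past the advisory's fix."""
    (iver, irel), (fver, frel) = split_nvr(installed_nvr), split_nvr(fixed_nvr)
    return (rpmvercmp(iver, fver) or rpmvercmp(irel, frel)) >= 0
```

A pre-release such as 1.0.1~rc1 sorts below 1.0.1, and a rebuilt release such as 1.2.mga8 sorts above 1.1.mga8, so both are handled without special cases.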

Severity: important

Publication date: 24 Apr 2022
URL: https://advisories.mageia.org/MGASA-2022-0151.html
Type: security
CVE: CVE-2021-21898, CVE-2021-21899, CVE-2021-21900, CVE-2021-45343
