CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
47.5%
A buffer overflow vulnerability in CDataList of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document.
Vendor | Product | Version | CPE |
---|---|---|---|
librecad | librecad | * | cpe:2.3:a:librecad:librecad:*:*:*:*:*:*:*:* |
librecad | librecad | 2.2.0 | cpe:2.3:a:librecad:librecad:2.2.0:alpha:*:*:*:*:*:* |
librecad | librecad | 2.2.0 | cpe:2.3:a:librecad:librecad:2.2.0:rc1:*:*:*:*:*:* |
librecad | librecad | 2.2.0 | cpe:2.3:a:librecad:librecad:2.2.0:rc2:*:*:*:*:*:* |
librecad | librecad | 2.2.0 | cpe:2.3:a:librecad:librecad:2.2.0:rc3:*:*:*:*:*:* |
fedoraproject | fedora | 34 | cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
fedoraproject | fedora | 35 | cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* |
debian | debian_linux | 10.0 | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
debian | debian_linux | 11.0 | cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
github.com/LibreCAD/LibreCAD/issues/1464
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCC2FZ6HZOIK3775K4MTCOUHX6PLGPEL/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUMH3CWGVSMR2UIZEA35Q5UB7PDVVVYS/
security.gentoo.org/glsa/202305-26
www.debian.org/security/2022/dsa-5077
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
47.5%