Lucene search

Ubuntu.comUB:CVE-2021-45343

HistoryJan 25, 2022 - 12:00 a.m.

CVE-2021-45343

2022-01-2500:00:00

ubuntu.com

librecad 2.2.0

null pointer

hatch handling

libdxfrw

crafted dxf document

crash

application

poc

patch

unix

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

45.0%

JSON

In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of
libdxfrw allows an attacker to crash the application using a crafted DXF
document.

Notes

Author	Note
eslerm	provided PoC still crashes program after applying patch

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlibrecad< 2.1.2-1ubuntu0.1UNKNOWN
ubuntu20.04noarchlibrecad< 2.1.3-1.2+deb10u1build0.20.04.1UNKNOWN
ubuntu22.04noarchlibrecad< 2.1.3-3UNKNOWN
ubuntu22.10noarchlibrecad< 2.1.3-3UNKNOWN
ubuntu24.04noarchlibrecad< anyUNKNOWN
ubuntu16.04noarchlibrecad< 2.0.9-2ubuntu0.1~esm1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	librecad	< 2.1.2-1ubuntu0.1	UNKNOWN
ubuntu	20.04	noarch	librecad	< 2.1.3-1.2+deb10u1build0.20.04.1	UNKNOWN
ubuntu	22.04	noarch	librecad	< 2.1.3-3	UNKNOWN
ubuntu	22.10	noarch	librecad	< 2.1.3-3	UNKNOWN
ubuntu	24.04	noarch	librecad	< any	UNKNOWN
ubuntu	16.04	noarch	librecad	< 2.0.9-2ubuntu0.1~esm1	UNKNOWN