Lucene search
Veracode Vulnerability DatabaseVERACODE:33330HistoryDec 14, 2021 - 8:13 p.m.
Remote Code Execution (RCE)
2021-12-1420:13:04
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
20
librecad
remote code execution
vulnerability
dwgcompressor
out-of-bounds write
EPSS
0.017
Percentile
87.9%
librecad is vulnerable to remote code execution. An attacker is able to exploit the vulnerability by injecting a specially-crafted .dwg file via dwgCompressor::decompress18() functionality of LibreCad libdxfrw which can lead to an out-of-bounds write.
References
lists.debian.org/debian-lts-announce/2021/12/msg00002.html
lists.fedoraproject.org/archives/list/[email protected]/message/RDI3HCTCACMIC7I4ILB3NRU6DCMADI5H/
lists.fedoraproject.org/archives/list/[email protected]/message/ZTIAMP7QJDKV4ADDLR4GVVX2TXYLHVOZ/
security-tracker.debian.org/tracker/CVE-2021-21898
talosintelligence.com/vulnerability_reports/TALOS-2021-1349
www.debian.org/security/2022/dsa-5077
Related
ubuntucve
ubuntucve
CVE-2021-21898
2021-11-19 00:00:00
prion
prion
Remote code execution
2021-11-19 20:15:00
talos
talos
nvd
nvd
CVE-2021-21898
2021-11-19 20:15:17
cve
cve
CVE-2021-21898
2021-11-19 20:15:17
cvelist
cvelist
CVE-2021-21898
2021-11-19 00:00:00
debiancve
debiancve
CVE-2021-21898
2021-11-19 20:15:17
cnvd
cnvd
LibreCad buffer overflow vulnerability
2021-11-22 00:00:00
openvas
openvas
Fedora: Security Advisory for librecad (FEDORA-2021-67c946a9f3)
2021-12-04 00:00:00
Debian: Security Advisory (DLA-2838-1)
2021-12-04 00:00:00
Fedora: Security Advisory for libdxfrw (FEDORA-2021-fa9e3c23f2)
2021-12-04 00:00:00
nessus
nessus
Debian DLA-2838-1 : librecad - LTS security update
2021-12-03 00:00:00
openSUSE 15 Security Update : libdxfrw, librecad (openSUSE-SU-2022:0067-1)
2022-03-05 00:00:00
Debian DSA-5077-1 : librecad - security update
2022-02-16 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: librecad-2.2.0-0.11.rc2.fc34
2021-12-01 01:14:37
[SECURITY] Fedora 35 Update: libdxfrw-1.0.1-1.fc35
2021-12-01 01:21:29
[SECURITY] Fedora 34 Update: libdxfrw-1.0.1-1.fc34
2021-12-01 01:14:37
debian
debian
[SECURITY] [DLA 2838-1] librecad security update
2021-12-03 13:00:22
[SECURITY] [DSA 5077-1] librecad security update
2022-02-15 19:59:25
osv
osv
librecad - security update
2021-12-03 00:00:00
librecad - security update
2022-02-15 00:00:00
librecad vulnerabilities
2023-03-15 16:20:03
suse
suse
Security update for libdxfrw, librecad (important)
2022-03-03 00:00:00
mageia
mageia
Updated libdxfrw packages fix security vulnerability
2022-04-24 13:43:54
gentoo
gentoo
LibreCAD: Multiple Vulnerabilities
2023-05-21 00:00:00
ubuntu
ubuntu
LibreCAD vulnerabilities
2023-03-15 00:00:00