MGASA-2022-0151

Source
https://advisories.mageia.org/MGASA-2022-0151.html
Import Source
https://advisories.mageia.org/MGASA-2022-0151.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2022-0151
Published
2022-04-24T10:43:54Z
Modified
2022-04-24T10:01:56Z
Summary
Updated libdxfrw packages fix security vulnerability
Details

A code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. (CVE-2021-21898)

A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. (CVE-2021-21899)

A code execution vulnerability exists in the dxfRW::processLType() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dxf file can lead to a use-after-free vulnerability. An attacker can provide a malicious file to trigger this vulnerability. (CVE-2021-21900)

In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of libdxfrw allows an attacker to crash the application using a crafted DXF document. (CVE-2021-45343)

Affected packages

Mageia:8 / libdxfrw

Package

Name
libdxfrw
Purl
pkg:rpm/mageia/libdxfrw?distro=mageia-8

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.0.1-1.1.mga8

Ecosystem specific

{
    "section": "core"
}