VDB
CVE-2021-21898
CVE-2021-21898
PUBLISHED
A code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.
EPSS 1.93% · 83.7th percentile
Risk Scores
EPSS Score
1.93%
83.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:16.04:LTS | librecad | 2.0.4-1build1, 2.0.9-2, 2.0.8-1 |
| Ubuntu:22.04:LTS | librecad | 2.1.3-1.3, 0 |
| Ubuntu:18.04:LTS | librecad | 0, 2.1.2-1 |
| Ubuntu:Pro:18.04:LTS | librecad | 2.1.2-1, 0 |
| Ubuntu:20.04:LTS | librecad | 2.1.3-1.2build1, 0, 2.1.3-1.2 |
Exploit Intelligence
- CIRCL seen: CVE-2021-21898 (circl-sighting)
- https://talosintelligence.com/vulnerability_reports/TALOS-2021-1349 (circl)
- FEDORA-2021-fa9e3c23f2 (circl)
- FEDORA-2021-67c946a9f3 (circl)
- [debian-lts-announce] 20211203 [SECURITY] [DLA 2838-1] librecad security update (circl)
- DSA-5077 (circl)
- GLSA-202305-26 (circl)
Timeline
- Nov 19, 2021 CVE Published
- Nov 19, 2021 PoC Published
- Nov 20, 2021 EPSS Score
- Jan 14, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 5, 2022 EPSS Score
- Aug 24, 2022 EPSS Score
- Oct 18, 2022 EPSS Score
- Dec 30, 2022 EPSS Score
- Feb 6, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-21898 third-party-advisory
- https://talosintelligence.com/vulnerability_reports/TALOS-2021-1349 third-party-advisory
- https://github.com/LibreCAD/libdxfrw/commit/ba3fa95648bef948e008dfbdd31a4d21badd71f0 third-party-advisory
- https://ubuntu.com/security/notices/USN-5957-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-21898 third-party-advisory