CVE-2021-21899 — Vulnetix

CVE-2021-21899 PUBLISHED

A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

EPSS 2.83% · 86.5th percentile

Risk Scores

EPSS Score

2.83%

86.5th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:20.04:LTS	librecad	2.1.3-1.2build1, 2.1.3-1.2, 0
Ubuntu:Pro:18.04:LTS	librecad	0, 2.1.2-1
Ubuntu:18.04:LTS	librecad	2.1.2-1, 0
Ubuntu:Pro:16.04:LTS	librecad	2.0.9-2, 2.0.4-1build1, 0

Exploit Intelligence

https://talosintelligence.com/vulnerability_reports/TALOS-2021-1350 (nist-nvd)
FEDORA-2021-fa9e3c23f2 (circl)
FEDORA-2021-67c946a9f3 (circl)
[debian-lts-announce] 20211203 [SECURITY] [DLA 2838-1] librecad security update (circl)
DSA-5077 (circl)
GLSA-202305-26 (circl)

Timeline

Nov 19, 2021 CVE Published
Nov 20, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Mar 10, 2022 EPSS Score
May 5, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Oct 18, 2022 EPSS Score
Dec 12, 2022 EPSS Score
Feb 6, 2023 EPSS Score
Feb 23, 2023 EPSS Score
Apr 2, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2021-21899 third-party-advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1350 third-party-advisory
https://github.com/LibreCAD/libdxfrw/commit/6417118874333309aa10c4e59f954c3905a6e8b5 third-party-advisory
https://ubuntu.com/security/notices/USN-5957-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2021-21899 third-party-advisory

Open in Interactive Console →