VDB

GCVE-110-MAGEIA-2022-151

GCVE-110-MAGEIA-2022-151
Advisory Published
Vulnetix · Advisory published April 24, 2022
A code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. (CVE-2021-21898) A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. (CVE-2021-21899) A code execution vulnerability exists in the dxfRW::processLType() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dxf file can lead to a use-after-free vulnerability. An attacker can provide a malicious file to trigger this vulnerability. (CVE-2021-21900) In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of libdxfrw allows an attacker to crash the application using a crafted DXF document. (CVE-2021-45343)

Affected Products

VendorProductVersionsPlatforms
Mageiaradeon-firmware0 (affected), 20221109-1.mga8.nonfree (unaffected)
Mageiakernel-firmware-nonfree20221109-1.mga8.nonfree (unaffected), 0 (affected)
Mageialibdxfrw0 (affected), 1.0.1-1.1.mga8 (unaffected), 0 (affected), 1.0.1-1.1.mga8 (unaffected)

Browse GCVE Records

73,834 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›