Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-45343: NULL pointer dereference in DXF parser, HATCH code 93 · Issue #1468 · LibreCAD/LibreCAD

In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of libdxfrw allows an attacker to crash the application using a crafted DXF document.

CVE
#windows#dos#c++

Steps to reproduce or sample file

  1. Unzip and load the attached proof of concept file in LibreCAD 2.2.0-rc3

Cause

The std::shared_ptr DRW_Hatch::loop is written to when loading a HATCH entity with code 93. If this occurs before a code 92, the pointer is still NULL, leading to a crash.

Impact

Denial of service.

Proposed Mitigation

Ensure that DRW_Hatch::loop is not NULL before dereferencing at drw_entities.cpp:1808

Operating System and LibreCAD version info

Version: 2.2.0-rc3
Compiler: GNU GCC 7.3.0
Compiled on: Nov 29 2021
Qt Version: 5.12.4
Boost Version: 1.65.1
System: Windows 10 (10.0)

Related news

Gentoo Linux Security Advisory 202305-26

Gentoo Linux Security Advisory 202305-26 - Multiple vulnerabilities have been discovered in LibreCAD, the worst of which could result in denial of service. Versions greater than or equal to 2.1.3-r7 are affected.

Ubuntu Security Notice USN-5957-1

Ubuntu Security Notice 5957-1 - Cody Sixteen discovered that LibreCAD incorrectly handled memory when parsing DXF files. An attacker could use this issue to cause LibreCAD to crash, leading to a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. Lilith of Cisco Talos discovered that LibreCAD incorrectly handled memory when parsing DWG files. An attacker could use this issue to cause LibreCAD to crash, leading to a denial of service, or possibly execute arbitrary code.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907