CVE-2021-45343: NULL pointer dereference in DXF parser, HATCH code 93 · Issue #1468 · LibreCAD/LibreCAD

In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of libdxfrw allows an attacker to crash the application using a crafted DXF document.


Steps to reproduce or sample file

  1. Unzip and load the attached proof of concept file in LibreCAD 2.2.0-rc3

Cause

The std::shared_ptr DRW_Hatch::loop is written to when loading a HATCH entity with code 93. If this occurs before a code 92, the pointer is still NULL, leading to a crash.

Impact

Denial of service.

Proposed Mitigation

Ensure that DRW_Hatch::loop is not NULL before dereferencing at drw_entities.cpp:1808.

Operating System and LibreCAD version info

Version: 2.2.0-rc3
Compiler: GNU GCC 7.3.0
Compiled on: Nov 29 2021
Qt Version: 5.12.4
Boost Version: 1.65.1
System: Windows 10 (10.0)
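
A minimal model of the ordering bug and the proposed NULL check, added here as an example; it is not libdxfrw's code, and `HatchLoop`, `HatchModel`, `applyUnguarded`, `applyGuarded` and `parseHatch` are hypothetical names. The (code, value) pairs stand in for DXF groups and are constructed.

```cpp
#include <cstdint>
#include <memory>
#include <utility>
#include <vector>

// Simplified model of the HATCH state described in the issue
// (hypothetical names, not libdxfrw source).
struct HatchLoop {
    explicit HatchLoop(std::int32_t t) : type(t) {}
    std::int32_t type;
    std::int32_t numEdges = 0;
};

struct HatchModel {
    std::shared_ptr<HatchLoop> loop;                  // empty until a code 92 is seen
    std::vector<std::shared_ptr<HatchLoop>> loops;
    int rejected = 0;                                 // out-of-order groups skipped

    // Unguarded pattern: code 93 writes through `loop` whether or not a
    // code 92 has created it. Shown for comparison; never called here.
    void applyUnguarded(int code, std::int32_t value) {
        switch (code) {
        case 92: loop = std::make_shared<HatchLoop>(value); loops.push_back(loop); break;
        case 93: loop->numEdges = value; break;       // undefined behaviour if loop is empty
        default: break;
        }
    }

    // Guarded pattern: refuse the group instead of dereferencing an empty pointer.
    bool applyGuarded(int code, std::int32_t value) {
        switch (code) {
        case 92: loop = std::make_shared<HatchLoop>(value); loops.push_back(loop); return true;
        case 93:
            if (!loop) { ++rejected; return false; }  // code 93 arrived before any code 92
            loop->numEdges = value;
            return true;
        default: return true;
        }
    }
};

// Runs constructed (code, value) groups through the guarded handler and
// reports whether every group arrived in a valid order.
bool parseHatch(HatchModel &h, const std::vector<std::pair<int, std::int32_t>> &groups) {
    bool ok = true;
    for (const auto &g : groups) ok = h.applyGuarded(g.first, g.second) && ok;
    return ok;
}
```

The model skips the out-of-order group and keeps parsing; rejecting the whole entity on the first failure is an equally valid policy.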
