Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-5957-1

Ubuntu Security Notice 5957-1 - Cody Sixteen discovered that LibreCAD incorrectly handled memory when parsing DXF files. An attacker could use this issue to cause LibreCAD to crash, leading to a denial of service. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. Lilith of Cisco Talos discovered that LibreCAD incorrectly handled memory when parsing DWG files. An attacker could use this issue to cause LibreCAD to crash, leading to a denial of service, or possibly execute arbitrary code.

Packet Storm
#vulnerability#ubuntu#cisco#dos
==========================================================================Ubuntu Security Notice USN-5957-1March 15, 2023librecad vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTS- Ubuntu 18.04 LTS- Ubuntu 16.04 ESMSummary:Several security issues were fixed in LibreCAD.Software Description:- librecad: Computer-aided design (CAD) systemDetails:Cody Sixteen discovered that LibreCAD incorrectlyhandled memory when parsing DXF files. An attacker coulduse this issue to cause LibreCAD to crash, leading to adenial of service. This issue only affectedUbuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-19105)Lilith of Cisco Talos discovered that LibreCAD incorrectlyhandled memory when parsing DWG files. An attacker coulduse this issue to cause LibreCAD to crash, leading to adenial of service, or possibly execute arbitrary code.(CVE-2021-21898, CVE-2021-21899)Lilith of Cisco Talos discovered that LibreCAD incorrectlyhandled memory when parsing DRW files. An attacker coulduse this issue to cause LibreCAD to crash, leading to adenial of service, or possibly execute arbitrary code.(CVE-2021-21900)Albin Eldstål-Ahrens discovered that LibreCAD incorrectlyhandled memory when parsing JWW files. An attacker coulduse this issue to cause LibreCAD to crash, leading to adenial of service, or possibly execute arbitrary code.(CVE-2021-45341, CVE-2021-45342)Albin Eldstål-Ahrens discovered that LibreCAD incorrectlyhandled memory when parsing DXF files. An attacker coulduse this issue to cause LibreCAD to crash, leading to adenial of service. (CVE-2021-45343)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS:   librecad                        2.1.3-1.2+deb10u1build0.20.04.1Ubuntu 18.04 LTS:   librecad                        2.1.2-1ubuntu0.1~esm1Ubuntu 16.04 ESM:   librecad                        2.0.9-2ubuntu0.1~esm1In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-5957-1   CVE-2018-19105, CVE-2021-21898, CVE-2021-21899, CVE-2021-21900,   CVE-2021-45341, CVE-2021-45342, CVE-2021-45343Package Information:https://launchpad.net/ubuntu/+source/librecad/2.1.3-1.2+deb10u1build0.20.04.1https://launchpad.net/ubuntu/+source/librecad/2.1.2-1ubuntu0.1~esm1

Related news

Gentoo Linux Security Advisory 202305-26

Gentoo Linux Security Advisory 202305-26 - Multiple vulnerabilities have been discovered in LibreCAD, the worst of which could result in denial of service. Versions greater than or equal to 2.1.3-r7 are affected.

CVE-2021-45342: Remote Code Execution vulnerability in LibreCAD 2.2.0-rc3 (JWW CDataList) · Issue #1464 · LibreCAD/LibreCAD

A buffer overflow vulnerability in CDataList of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document.

CVE-2021-45343: NULL pointer dereference in DXF parser, HATCH code 93 · Issue #1468 · LibreCAD/LibreCAD

In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of libdxfrw allows an attacker to crash the application using a crafted DXF document.

CVE-2021-45341: Remote Code Execution vulnerability in LibreCAD 2.2.0-rc3 (JWW CDataMoji) · Issue #1462 · LibreCAD/LibreCAD

A buffer overflow vulnerability in CDataMoji of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document.

CVE-2021-21898: TALOS-2021-1349 || Cisco Talos Intelligence Group

A code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2021-21899: TALOS-2021-1350 || Cisco Talos Intelligence Group

A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2021-21900: TALOS-2021-1351 || Cisco Talos Intelligence Group

A code execution vulnerability exists in the dxfRW::processLType() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dxf file can lead to a use-after-free vulnerability. An attacker can provide a malicious file to trigger this vulnerability.

Packet Storm: Latest News

Ubuntu Security Notice USN-7089-6