CVE-2021-45341

Published: Jan 25, 2022Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A buffer overflow vulnerability in CDataMoji of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document.

Affected (8)

Products: Librecad: Librecad · Fedoraproject: Fedora · Debian: Debian Linux

1 product

1 product

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Librecad Librecad	Before 2.2.0
Librecad Librecad	Version 2.2.0 rc1
Librecad Librecad	Version 2.2.0 rc2
Librecad Librecad	Version 2.2.0 rc3

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 34
Fedoraproject Fedora	Version 35

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 11.0

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (10)

https://github.com/LibreCAD/LibreCAD/issues/1462

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCC2FZ6HZOIK3775K4MTCOUHX6PLGPEL/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUMH3CWGVSMR2UIZEA35Q5UB7PDVVVYS/

Source: cve@mitre.org

https://security.gentoo.org/glsa/202305-26

Source: cve@mitre.org

https://www.debian.org/security/2022/dsa-5077

Source: cve@mitre.org

Third Party Advisory

https://github.com/LibreCAD/LibreCAD/issues/1462