CVE-2021-45343

Published: Jan 25, 2022Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of libdxfrw allows an attacker to crash the application using a crafted DXF document.

Affected (5)

Products: Librecad: Librecad · Fedoraproject: Fedora · Debian: Debian Linux

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Librecad Librecad	Version 2.2.0

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 34
Fedoraproject Fedora	Version 35

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 11.0

Related CWEs

CWE-476

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (10)

https://github.com/LibreCAD/LibreCAD/issues/1468

Source: cve@mitre.org

ExploitIssue TrackingPatchThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCC2FZ6HZOIK3775K4MTCOUHX6PLGPEL/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUMH3CWGVSMR2UIZEA35Q5UB7PDVVVYS/

Source: cve@mitre.org

https://security.gentoo.org/glsa/202305-26

Source: cve@mitre.org

https://www.debian.org/security/2022/dsa-5077

Source: cve@mitre.org

Third Party Advisory

https://github.com/LibreCAD/LibreCAD/issues/1468