Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-21899 (GCVE-0-2021-21899)
Vulnerability from cvelistv5
Published
2021-11-19 00:00
Modified
2024-08-03 18:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Summary
A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:22.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1350"
},
{
"name": "FEDORA-2021-fa9e3c23f2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDI3HCTCACMIC7I4ILB3NRU6DCMADI5H/"
},
{
"name": "FEDORA-2021-67c946a9f3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTIAMP7QJDKV4ADDLR4GVVX2TXYLHVOZ/"
},
{
"name": "[debian-lts-announce] 20211203 [SECURITY] [DLA 2838-1] librecad security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00002.html"
},
{
"name": "DSA-5077",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5077"
},
{
"name": "GLSA-202305-26",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-26"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LibreCAD",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-21T00:00:00",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1350"
},
{
"name": "FEDORA-2021-fa9e3c23f2",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDI3HCTCACMIC7I4ILB3NRU6DCMADI5H/"
},
{
"name": "FEDORA-2021-67c946a9f3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTIAMP7QJDKV4ADDLR4GVVX2TXYLHVOZ/"
},
{
"name": "[debian-lts-announce] 20211203 [SECURITY] [DLA 2838-1] librecad security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00002.html"
},
{
"name": "DSA-5077",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5077"
},
{
"name": "GLSA-202305-26",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-26"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2021-21899",
"datePublished": "2021-11-19T00:00:00",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:30:22.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2021-21899\",\"sourceIdentifier\":\"talos-cna@cisco.com\",\"published\":\"2021-11-19T19:15:08.080\",\"lastModified\":\"2024-11-21T05:49:12.350\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.\"},{\"lang\":\"es\",\"value\":\"Se presenta una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo en la funcionalidad dwgCompressor::copyCompBytes21 de LibreCad libdxfrw versi\u00f3n 2.2.0-rc2-19-ge02f3580. Un archivo .dwg especialmente dise\u00f1ado puede conllevar a un desbordamiento del b\u00fafer de la pila. Un atacante puede proporcionar un archivo malicioso para desencadenar esta vulnerabilidad\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV30\":[{\"source\":\"talos-cna@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"talos-cna@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:librecad:libdxfrw:2.2.0-rc2-19-ge02f3580:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"899C4160-5415-4C7D-B0D2-D7F33E58BBE0\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}],\"references\":[{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/12/msg00002.html\",\"source\":\"talos-cna@cisco.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDI3HCTCACMIC7I4ILB3NRU6DCMADI5H/\",\"source\":\"talos-cna@cisco.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTIAMP7QJDKV4ADDLR4GVVX2TXYLHVOZ/\",\"source\":\"talos-cna@cisco.com\"},{\"url\":\"https://security.gentoo.org/glsa/202305-26\",\"source\":\"talos-cna@cisco.com\"},{\"url\":\"https://talosintelligence.com/vulnerability_reports/TALOS-2021-1350\",\"source\":\"talos-cna@cisco.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5077\",\"source\":\"talos-cna@cisco.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/12/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDI3HCTCACMIC7I4ILB3NRU6DCMADI5H/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTIAMP7QJDKV4ADDLR4GVVX2TXYLHVOZ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202305-26\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://talosintelligence.com/vulnerability_reports/TALOS-2021-1350\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5077\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
fkie_cve-2021-21899
Vulnerability from fkie_nvd
Published
2021-11-19 19:15
Modified
2024-11-21 05:49
Severity ?
Summary
A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
References
| URL | Tags | ||
|---|---|---|---|
| talos-cna@cisco.com | https://lists.debian.org/debian-lts-announce/2021/12/msg00002.html | Mailing List, Third Party Advisory | |
| talos-cna@cisco.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDI3HCTCACMIC7I4ILB3NRU6DCMADI5H/ | ||
| talos-cna@cisco.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTIAMP7QJDKV4ADDLR4GVVX2TXYLHVOZ/ | ||
| talos-cna@cisco.com | https://security.gentoo.org/glsa/202305-26 | ||
| talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2021-1350 | Exploit, Third Party Advisory | |
| talos-cna@cisco.com | https://www.debian.org/security/2022/dsa-5077 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/12/msg00002.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDI3HCTCACMIC7I4ILB3NRU6DCMADI5H/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTIAMP7QJDKV4ADDLR4GVVX2TXYLHVOZ/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-26 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2021-1350 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2022/dsa-5077 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| librecad | libdxfrw | 2.2.0-rc2-19-ge02f3580 | |
| fedoraproject | fedora | 34 | |
| fedoraproject | fedora | 35 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:librecad:libdxfrw:2.2.0-rc2-19-ge02f3580:*:*:*:*:*:*:*",
"matchCriteriaId": "899C4160-5415-4C7D-B0D2-D7F33E58BBE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo en la funcionalidad dwgCompressor::copyCompBytes21 de LibreCad libdxfrw versi\u00f3n 2.2.0-rc2-19-ge02f3580. Un archivo .dwg especialmente dise\u00f1ado puede conllevar a un desbordamiento del b\u00fafer de la pila. Un atacante puede proporcionar un archivo malicioso para desencadenar esta vulnerabilidad"
}
],
"id": "CVE-2021-21899",
"lastModified": "2024-11-21T05:49:12.350",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "talos-cna@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-19T19:15:08.080",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00002.html"
},
{
"source": "talos-cna@cisco.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDI3HCTCACMIC7I4ILB3NRU6DCMADI5H/"
},
{
"source": "talos-cna@cisco.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTIAMP7QJDKV4ADDLR4GVVX2TXYLHVOZ/"
},
{
"source": "talos-cna@cisco.com",
"url": "https://security.gentoo.org/glsa/202305-26"
},
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1350"
},
{
"source": "talos-cna@cisco.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDI3HCTCACMIC7I4ILB3NRU6DCMADI5H/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZTIAMP7QJDKV4ADDLR4GVVX2TXYLHVOZ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202305-26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1350"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5077"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "talos-cna@cisco.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
opensuse-su-2022:0067-1
Vulnerability from csaf_opensuse
Published
2022-03-02 21:21
Modified
2022-03-02 21:21
Summary
Security update for libdxfrw, librecad
Notes
Title of the patch
Security update for libdxfrw, librecad
Description of the patch
This update for libdxfrw, librecad fixes the following issues:
- Update to version 1.0.1+git.20220109:
* fixed ambiguous error for DRW_Dimension::parseDwg()
* fixed enless while()-loop for pre 2004 versions
* dwgReader::readDwgObjects() stop reading after 1st error
* dwgReader::readDwgEntities() stop reading after 1st error
* replace ENTRY_PARSE macro with template method
* remove unused DRW_Class::parseCode() method
* protect vector<>.reserve() calls
* Added NULL check for hatch code 93
* Fix bounds check in DRW_LWPolyline
* fix, check maxClassNum for valid value
* fixed wrong 2010+ check for 64-bit size
* Set compiler warnings on by default, because makes harder for bugs to go undetected. modified: CMakeLists.txt
* Fixed fall through and other warnings (#54)
* fix 'Vertex ID' printout
- Update to version 1.0.1+git.20211110:
* fixed heap use after free vulnerability CVE-2021-21900 (boo#1192938)
* minor improvements to dwg2dxf, formatting and message output on success
* fixed heap buffer overflow vulnerability CVE-2021-21899 (boo#1192937)
* dwg2dxf - enable debug output of libdxfrw by command line switch
* fixed out-of-bounds write vulnerability CVE-2021-21898 (boo#1192936)
* fixed please note section formatting
* updated README.md for LibreCAD_3 branch and sf.net successor
* fixed LibreCAD 2 issue #1371, read failed with binary DXF
* Use ununordered_map instead of map
* manual merge changes from LibreCAD2
* and much more
- Update to version 1.0.1+git.20200429:
* Fix includes install dir
* Export target as libdxfrw::libdxfrw to keep consistency with Conan packages
* Add archive destination in install
* Install DXFRW::dxfrw target
* Remove duplicate target properties
* Remove version from pkg-config file
* Let CMake handle C++11 compiler definition
* Change minimal required CMake version to 3.0
* cmake: add doc target
* README.md: fix typo
* cmake: generate and install pkgconfig
* cmake: add one for dwg2dxf
* cmake: set library VERSIONs
* cmake: use GNUInstallDirs
- Update to version 0.6.3+git.20190501:
* Add build status and update example link
* Add Travis-CI script
* [#10] Fix compilation on GCC
* Fix bugs with .dwg import of TEXT and MTEXT entities
* This was unnecessary
* Link libdxfrw against libstdc++
* Return an error when the file ends prematurely
* Add version getter
* Fix polyline 2d/3d write
* Initialize return buffers in GetRawChar8 et al.
- update to 2.2.0-rc3
* major release
* DWG imports are more reliable now
* and a lot more of bugfixes and improvements
Patchnames
openSUSE-2022-67
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libdxfrw, librecad",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libdxfrw, librecad fixes the following issues:\n\n- Update to version 1.0.1+git.20220109:\n\n * fixed ambiguous error for DRW_Dimension::parseDwg()\n * fixed enless while()-loop for pre 2004 versions\n * dwgReader::readDwgObjects() stop reading after 1st error\n * dwgReader::readDwgEntities() stop reading after 1st error\n * replace ENTRY_PARSE macro with template method\n * remove unused DRW_Class::parseCode() method\n * protect vector\u003c\u003e.reserve() calls\n * Added NULL check for hatch code 93\n * Fix bounds check in DRW_LWPolyline\n * fix, check maxClassNum for valid value\n * fixed wrong 2010+ check for 64-bit size\n * Set compiler warnings on by default, because makes harder for bugs to go undetected. \tmodified: CMakeLists.txt\n * Fixed fall through and other warnings (#54)\n * fix \u0027Vertex ID\u0027 printout\n\n- Update to version 1.0.1+git.20211110:\n\n * fixed heap use after free vulnerability CVE-2021-21900 (boo#1192938)\n * minor improvements to dwg2dxf, formatting and message output on success\n * fixed heap buffer overflow vulnerability CVE-2021-21899 (boo#1192937)\n * dwg2dxf - enable debug output of libdxfrw by command line switch\n * fixed out-of-bounds write vulnerability CVE-2021-21898 (boo#1192936)\n * fixed please note section formatting\n * updated README.md for LibreCAD_3 branch and sf.net successor\n * fixed LibreCAD 2 issue #1371, read failed with binary DXF\n * Use ununordered_map instead of map\n * manual merge changes from LibreCAD2\n * and much more\n\n- Update to version 1.0.1+git.20200429:\n\n * Fix includes install dir\n * Export target as libdxfrw::libdxfrw to keep consistency with Conan packages\n * Add archive destination in install\n * Install DXFRW::dxfrw target\n * Remove duplicate target properties\n * Remove version from pkg-config file\n * Let CMake handle C++11 compiler definition\n * Change minimal required CMake version to 3.0\n * cmake: add doc target\n * README.md: fix typo\n * cmake: generate and install pkgconfig\n * cmake: add one for dwg2dxf\n * cmake: set library VERSIONs\n * cmake: use GNUInstallDirs\n\n- Update to version 0.6.3+git.20190501:\n\n * Add build status and update example link\n * Add Travis-CI script\n * [#10] Fix compilation on GCC\n * Fix bugs with .dwg import of TEXT and MTEXT entities\n * This was unnecessary\n * Link libdxfrw against libstdc++\n * Return an error when the file ends prematurely\n * Add version getter\n * Fix polyline 2d/3d write\n * Initialize return buffers in GetRawChar8 et al.\n\n- update to 2.2.0-rc3\n\n * major release\n * DWG imports are more reliable now\n * and a lot more of bugfixes and improvements\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2022-67",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_0067-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2022:0067-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6TWLTKRSHNPCLQL7UXQSITHNYJT5XSK5/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2022:0067-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6TWLTKRSHNPCLQL7UXQSITHNYJT5XSK5/"
},
{
"category": "self",
"summary": "SUSE Bug 1192936",
"url": "https://bugzilla.suse.com/1192936"
},
{
"category": "self",
"summary": "SUSE Bug 1192937",
"url": "https://bugzilla.suse.com/1192937"
},
{
"category": "self",
"summary": "SUSE Bug 1192938",
"url": "https://bugzilla.suse.com/1192938"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21898 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21898/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21899 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21899/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21900 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21900/"
}
],
"title": "Security update for libdxfrw, librecad",
"tracking": {
"current_release_date": "2022-03-02T21:21:30Z",
"generator": {
"date": "2022-03-02T21:21:30Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2022:0067-1",
"initial_release_date": "2022-03-02T21:21:30Z",
"revision_history": [
{
"date": "2022-03-02T21:21:30Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"product": {
"name": "libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"product_id": "libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"product": {
"name": "libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"product_id": "libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"product": {
"name": "libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"product_id": "libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "librecad-2.2.0~rc3-bp153.2.3.1.aarch64",
"product": {
"name": "librecad-2.2.0~rc3-bp153.2.3.1.aarch64",
"product_id": "librecad-2.2.0~rc3-bp153.2.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.i586",
"product": {
"name": "libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.i586",
"product_id": "libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.i586",
"product": {
"name": "libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.i586",
"product_id": "libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.i586",
"product": {
"name": "libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.i586",
"product_id": "libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "librecad-parts-2.2.0~rc3-bp153.2.3.1.noarch",
"product": {
"name": "librecad-parts-2.2.0~rc3-bp153.2.3.1.noarch",
"product_id": "librecad-parts-2.2.0~rc3-bp153.2.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"product": {
"name": "libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"product_id": "libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"product": {
"name": "libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"product_id": "libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"product": {
"name": "libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"product_id": "libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "librecad-2.2.0~rc3-bp153.2.3.1.ppc64le",
"product": {
"name": "librecad-2.2.0~rc3-bp153.2.3.1.ppc64le",
"product_id": "librecad-2.2.0~rc3-bp153.2.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.s390x",
"product": {
"name": "libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.s390x",
"product_id": "libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.s390x",
"product": {
"name": "libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.s390x",
"product_id": "libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.s390x",
"product": {
"name": "libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.s390x",
"product_id": "libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.s390x"
}
},
{
"category": "product_version",
"name": "librecad-2.2.0~rc3-bp153.2.3.1.s390x",
"product": {
"name": "librecad-2.2.0~rc3-bp153.2.3.1.s390x",
"product_id": "librecad-2.2.0~rc3-bp153.2.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"product": {
"name": "libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"product_id": "libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"product": {
"name": "libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"product_id": "libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"product": {
"name": "libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"product_id": "libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "librecad-2.2.0~rc3-bp153.2.3.1.x86_64",
"product": {
"name": "librecad-2.2.0~rc3-bp153.2.3.1.x86_64",
"product_id": "librecad-2.2.0~rc3-bp153.2.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP3",
"product": {
"name": "SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3"
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.aarch64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.aarch64"
},
"product_reference": "libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.i586 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.i586"
},
"product_reference": "libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.i586",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.ppc64le as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.ppc64le"
},
"product_reference": "libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.s390x as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.s390x"
},
"product_reference": "libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.x86_64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.x86_64"
},
"product_reference": "libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.aarch64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.aarch64"
},
"product_reference": "libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.i586 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.i586"
},
"product_reference": "libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.i586",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.ppc64le as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.ppc64le"
},
"product_reference": "libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.s390x as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.s390x"
},
"product_reference": "libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.x86_64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.x86_64"
},
"product_reference": "libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.aarch64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.aarch64"
},
"product_reference": "libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.i586 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.i586"
},
"product_reference": "libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.i586",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.ppc64le as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.ppc64le"
},
"product_reference": "libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.s390x as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.s390x"
},
"product_reference": "libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.x86_64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.x86_64"
},
"product_reference": "libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librecad-2.2.0~rc3-bp153.2.3.1.aarch64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:librecad-2.2.0~rc3-bp153.2.3.1.aarch64"
},
"product_reference": "librecad-2.2.0~rc3-bp153.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librecad-2.2.0~rc3-bp153.2.3.1.ppc64le as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:librecad-2.2.0~rc3-bp153.2.3.1.ppc64le"
},
"product_reference": "librecad-2.2.0~rc3-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librecad-2.2.0~rc3-bp153.2.3.1.s390x as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:librecad-2.2.0~rc3-bp153.2.3.1.s390x"
},
"product_reference": "librecad-2.2.0~rc3-bp153.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librecad-2.2.0~rc3-bp153.2.3.1.x86_64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:librecad-2.2.0~rc3-bp153.2.3.1.x86_64"
},
"product_reference": "librecad-2.2.0~rc3-bp153.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librecad-parts-2.2.0~rc3-bp153.2.3.1.noarch as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:librecad-parts-2.2.0~rc3-bp153.2.3.1.noarch"
},
"product_reference": "librecad-parts-2.2.0~rc3-bp153.2.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.aarch64"
},
"product_reference": "libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.i586 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.i586"
},
"product_reference": "libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.ppc64le"
},
"product_reference": "libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.s390x"
},
"product_reference": "libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.x86_64"
},
"product_reference": "libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.aarch64"
},
"product_reference": "libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.i586 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.i586"
},
"product_reference": "libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.ppc64le"
},
"product_reference": "libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.s390x"
},
"product_reference": "libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.x86_64"
},
"product_reference": "libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.aarch64"
},
"product_reference": "libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.i586 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.i586"
},
"product_reference": "libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.ppc64le"
},
"product_reference": "libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.s390x"
},
"product_reference": "libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.x86_64"
},
"product_reference": "libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librecad-2.2.0~rc3-bp153.2.3.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:librecad-2.2.0~rc3-bp153.2.3.1.aarch64"
},
"product_reference": "librecad-2.2.0~rc3-bp153.2.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librecad-2.2.0~rc3-bp153.2.3.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:librecad-2.2.0~rc3-bp153.2.3.1.ppc64le"
},
"product_reference": "librecad-2.2.0~rc3-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librecad-2.2.0~rc3-bp153.2.3.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:librecad-2.2.0~rc3-bp153.2.3.1.s390x"
},
"product_reference": "librecad-2.2.0~rc3-bp153.2.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librecad-2.2.0~rc3-bp153.2.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:librecad-2.2.0~rc3-bp153.2.3.1.x86_64"
},
"product_reference": "librecad-2.2.0~rc3-bp153.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librecad-parts-2.2.0~rc3-bp153.2.3.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:librecad-parts-2.2.0~rc3-bp153.2.3.1.noarch"
},
"product_reference": "librecad-parts-2.2.0~rc3-bp153.2.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-21898",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21898"
}
],
"notes": [
{
"category": "general",
"text": "A code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:librecad-2.2.0~rc3-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:librecad-2.2.0~rc3-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:librecad-2.2.0~rc3-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:librecad-2.2.0~rc3-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:librecad-parts-2.2.0~rc3-bp153.2.3.1.noarch",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.i586",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.i586",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.i586",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:librecad-2.2.0~rc3-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:librecad-2.2.0~rc3-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:librecad-2.2.0~rc3-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:librecad-2.2.0~rc3-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:librecad-parts-2.2.0~rc3-bp153.2.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21898",
"url": "https://www.suse.com/security/cve/CVE-2021-21898"
},
{
"category": "external",
"summary": "SUSE Bug 1192936 for CVE-2021-21898",
"url": "https://bugzilla.suse.com/1192936"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:librecad-2.2.0~rc3-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:librecad-2.2.0~rc3-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:librecad-2.2.0~rc3-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:librecad-2.2.0~rc3-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:librecad-parts-2.2.0~rc3-bp153.2.3.1.noarch",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.i586",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.i586",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.i586",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:librecad-2.2.0~rc3-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:librecad-2.2.0~rc3-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:librecad-2.2.0~rc3-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:librecad-2.2.0~rc3-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:librecad-parts-2.2.0~rc3-bp153.2.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:librecad-2.2.0~rc3-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:librecad-2.2.0~rc3-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:librecad-2.2.0~rc3-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:librecad-2.2.0~rc3-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:librecad-parts-2.2.0~rc3-bp153.2.3.1.noarch",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.i586",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.i586",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.i586",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:librecad-2.2.0~rc3-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:librecad-2.2.0~rc3-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:librecad-2.2.0~rc3-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:librecad-2.2.0~rc3-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:librecad-parts-2.2.0~rc3-bp153.2.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-02T21:21:30Z",
"details": "important"
}
],
"title": "CVE-2021-21898"
},
{
"cve": "CVE-2021-21899",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21899"
}
],
"notes": [
{
"category": "general",
"text": "A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:librecad-2.2.0~rc3-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:librecad-2.2.0~rc3-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:librecad-2.2.0~rc3-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:librecad-2.2.0~rc3-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:librecad-parts-2.2.0~rc3-bp153.2.3.1.noarch",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.i586",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.i586",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.i586",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:librecad-2.2.0~rc3-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:librecad-2.2.0~rc3-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:librecad-2.2.0~rc3-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:librecad-2.2.0~rc3-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:librecad-parts-2.2.0~rc3-bp153.2.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21899",
"url": "https://www.suse.com/security/cve/CVE-2021-21899"
},
{
"category": "external",
"summary": "SUSE Bug 1192937 for CVE-2021-21899",
"url": "https://bugzilla.suse.com/1192937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:librecad-2.2.0~rc3-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:librecad-2.2.0~rc3-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:librecad-2.2.0~rc3-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:librecad-2.2.0~rc3-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:librecad-parts-2.2.0~rc3-bp153.2.3.1.noarch",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.i586",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.i586",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.i586",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:librecad-2.2.0~rc3-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:librecad-2.2.0~rc3-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:librecad-2.2.0~rc3-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:librecad-2.2.0~rc3-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:librecad-parts-2.2.0~rc3-bp153.2.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:librecad-2.2.0~rc3-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:librecad-2.2.0~rc3-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:librecad-2.2.0~rc3-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:librecad-2.2.0~rc3-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:librecad-parts-2.2.0~rc3-bp153.2.3.1.noarch",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.i586",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.i586",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.i586",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:librecad-2.2.0~rc3-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:librecad-2.2.0~rc3-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:librecad-2.2.0~rc3-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:librecad-2.2.0~rc3-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:librecad-parts-2.2.0~rc3-bp153.2.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-02T21:21:30Z",
"details": "important"
}
],
"title": "CVE-2021-21899"
},
{
"cve": "CVE-2021-21900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21900"
}
],
"notes": [
{
"category": "general",
"text": "A code execution vulnerability exists in the dxfRW::processLType() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dxf file can lead to a use-after-free vulnerability. An attacker can provide a malicious file to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:librecad-2.2.0~rc3-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:librecad-2.2.0~rc3-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:librecad-2.2.0~rc3-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:librecad-2.2.0~rc3-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:librecad-parts-2.2.0~rc3-bp153.2.3.1.noarch",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.i586",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.i586",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.i586",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:librecad-2.2.0~rc3-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:librecad-2.2.0~rc3-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:librecad-2.2.0~rc3-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:librecad-2.2.0~rc3-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:librecad-parts-2.2.0~rc3-bp153.2.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21900",
"url": "https://www.suse.com/security/cve/CVE-2021-21900"
},
{
"category": "external",
"summary": "SUSE Bug 1192938 for CVE-2021-21900",
"url": "https://bugzilla.suse.com/1192938"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:librecad-2.2.0~rc3-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:librecad-2.2.0~rc3-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:librecad-2.2.0~rc3-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:librecad-2.2.0~rc3-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:librecad-parts-2.2.0~rc3-bp153.2.3.1.noarch",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.i586",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.i586",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.i586",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:librecad-2.2.0~rc3-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:librecad-2.2.0~rc3-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:librecad-2.2.0~rc3-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:librecad-2.2.0~rc3-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:librecad-parts-2.2.0~rc3-bp153.2.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:librecad-2.2.0~rc3-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:librecad-2.2.0~rc3-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:librecad-2.2.0~rc3-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:librecad-2.2.0~rc3-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:librecad-parts-2.2.0~rc3-bp153.2.3.1.noarch",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.i586",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:libdxfrw-devel-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.i586",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:libdxfrw-tools-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.i586",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:libdxfrw1-1.0.1+git.20220109-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:librecad-2.2.0~rc3-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:librecad-2.2.0~rc3-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:librecad-2.2.0~rc3-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:librecad-2.2.0~rc3-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:librecad-parts-2.2.0~rc3-bp153.2.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-02T21:21:30Z",
"details": "important"
}
],
"title": "CVE-2021-21900"
}
]
}
opensuse-su-2024:11697-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
libdxfrw-devel-1.0.1+git.20211110-1.1 on GA media
Notes
Title of the patch
libdxfrw-devel-1.0.1+git.20211110-1.1 on GA media
Description of the patch
These are all security issues fixed in the libdxfrw-devel-1.0.1+git.20211110-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11697
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libdxfrw-devel-1.0.1+git.20211110-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libdxfrw-devel-1.0.1+git.20211110-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11697",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11697-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21898 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21898/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21899 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21899/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21900 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21900/"
}
],
"title": "libdxfrw-devel-1.0.1+git.20211110-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11697-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libdxfrw-devel-1.0.1+git.20211110-1.1.aarch64",
"product": {
"name": "libdxfrw-devel-1.0.1+git.20211110-1.1.aarch64",
"product_id": "libdxfrw-devel-1.0.1+git.20211110-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libdxfrw-tools-1.0.1+git.20211110-1.1.aarch64",
"product": {
"name": "libdxfrw-tools-1.0.1+git.20211110-1.1.aarch64",
"product_id": "libdxfrw-tools-1.0.1+git.20211110-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libdxfrw1-1.0.1+git.20211110-1.1.aarch64",
"product": {
"name": "libdxfrw1-1.0.1+git.20211110-1.1.aarch64",
"product_id": "libdxfrw1-1.0.1+git.20211110-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libdxfrw-devel-1.0.1+git.20211110-1.1.ppc64le",
"product": {
"name": "libdxfrw-devel-1.0.1+git.20211110-1.1.ppc64le",
"product_id": "libdxfrw-devel-1.0.1+git.20211110-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libdxfrw-tools-1.0.1+git.20211110-1.1.ppc64le",
"product": {
"name": "libdxfrw-tools-1.0.1+git.20211110-1.1.ppc64le",
"product_id": "libdxfrw-tools-1.0.1+git.20211110-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libdxfrw1-1.0.1+git.20211110-1.1.ppc64le",
"product": {
"name": "libdxfrw1-1.0.1+git.20211110-1.1.ppc64le",
"product_id": "libdxfrw1-1.0.1+git.20211110-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libdxfrw-devel-1.0.1+git.20211110-1.1.s390x",
"product": {
"name": "libdxfrw-devel-1.0.1+git.20211110-1.1.s390x",
"product_id": "libdxfrw-devel-1.0.1+git.20211110-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libdxfrw-tools-1.0.1+git.20211110-1.1.s390x",
"product": {
"name": "libdxfrw-tools-1.0.1+git.20211110-1.1.s390x",
"product_id": "libdxfrw-tools-1.0.1+git.20211110-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libdxfrw1-1.0.1+git.20211110-1.1.s390x",
"product": {
"name": "libdxfrw1-1.0.1+git.20211110-1.1.s390x",
"product_id": "libdxfrw1-1.0.1+git.20211110-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libdxfrw-devel-1.0.1+git.20211110-1.1.x86_64",
"product": {
"name": "libdxfrw-devel-1.0.1+git.20211110-1.1.x86_64",
"product_id": "libdxfrw-devel-1.0.1+git.20211110-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libdxfrw-tools-1.0.1+git.20211110-1.1.x86_64",
"product": {
"name": "libdxfrw-tools-1.0.1+git.20211110-1.1.x86_64",
"product_id": "libdxfrw-tools-1.0.1+git.20211110-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libdxfrw1-1.0.1+git.20211110-1.1.x86_64",
"product": {
"name": "libdxfrw1-1.0.1+git.20211110-1.1.x86_64",
"product_id": "libdxfrw1-1.0.1+git.20211110-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libdxfrw-devel-1.0.1+git.20211110-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libdxfrw-devel-1.0.1+git.20211110-1.1.aarch64"
},
"product_reference": "libdxfrw-devel-1.0.1+git.20211110-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdxfrw-devel-1.0.1+git.20211110-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libdxfrw-devel-1.0.1+git.20211110-1.1.ppc64le"
},
"product_reference": "libdxfrw-devel-1.0.1+git.20211110-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdxfrw-devel-1.0.1+git.20211110-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libdxfrw-devel-1.0.1+git.20211110-1.1.s390x"
},
"product_reference": "libdxfrw-devel-1.0.1+git.20211110-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdxfrw-devel-1.0.1+git.20211110-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libdxfrw-devel-1.0.1+git.20211110-1.1.x86_64"
},
"product_reference": "libdxfrw-devel-1.0.1+git.20211110-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdxfrw-tools-1.0.1+git.20211110-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libdxfrw-tools-1.0.1+git.20211110-1.1.aarch64"
},
"product_reference": "libdxfrw-tools-1.0.1+git.20211110-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdxfrw-tools-1.0.1+git.20211110-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libdxfrw-tools-1.0.1+git.20211110-1.1.ppc64le"
},
"product_reference": "libdxfrw-tools-1.0.1+git.20211110-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdxfrw-tools-1.0.1+git.20211110-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libdxfrw-tools-1.0.1+git.20211110-1.1.s390x"
},
"product_reference": "libdxfrw-tools-1.0.1+git.20211110-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdxfrw-tools-1.0.1+git.20211110-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libdxfrw-tools-1.0.1+git.20211110-1.1.x86_64"
},
"product_reference": "libdxfrw-tools-1.0.1+git.20211110-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdxfrw1-1.0.1+git.20211110-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libdxfrw1-1.0.1+git.20211110-1.1.aarch64"
},
"product_reference": "libdxfrw1-1.0.1+git.20211110-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdxfrw1-1.0.1+git.20211110-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libdxfrw1-1.0.1+git.20211110-1.1.ppc64le"
},
"product_reference": "libdxfrw1-1.0.1+git.20211110-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdxfrw1-1.0.1+git.20211110-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libdxfrw1-1.0.1+git.20211110-1.1.s390x"
},
"product_reference": "libdxfrw1-1.0.1+git.20211110-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libdxfrw1-1.0.1+git.20211110-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libdxfrw1-1.0.1+git.20211110-1.1.x86_64"
},
"product_reference": "libdxfrw1-1.0.1+git.20211110-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-21898",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21898"
}
],
"notes": [
{
"category": "general",
"text": "A code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libdxfrw-devel-1.0.1+git.20211110-1.1.aarch64",
"openSUSE Tumbleweed:libdxfrw-devel-1.0.1+git.20211110-1.1.ppc64le",
"openSUSE Tumbleweed:libdxfrw-devel-1.0.1+git.20211110-1.1.s390x",
"openSUSE Tumbleweed:libdxfrw-devel-1.0.1+git.20211110-1.1.x86_64",
"openSUSE Tumbleweed:libdxfrw-tools-1.0.1+git.20211110-1.1.aarch64",
"openSUSE Tumbleweed:libdxfrw-tools-1.0.1+git.20211110-1.1.ppc64le",
"openSUSE Tumbleweed:libdxfrw-tools-1.0.1+git.20211110-1.1.s390x",
"openSUSE Tumbleweed:libdxfrw-tools-1.0.1+git.20211110-1.1.x86_64",
"openSUSE Tumbleweed:libdxfrw1-1.0.1+git.20211110-1.1.aarch64",
"openSUSE Tumbleweed:libdxfrw1-1.0.1+git.20211110-1.1.ppc64le",
"openSUSE Tumbleweed:libdxfrw1-1.0.1+git.20211110-1.1.s390x",
"openSUSE Tumbleweed:libdxfrw1-1.0.1+git.20211110-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21898",
"url": "https://www.suse.com/security/cve/CVE-2021-21898"
},
{
"category": "external",
"summary": "SUSE Bug 1192936 for CVE-2021-21898",
"url": "https://bugzilla.suse.com/1192936"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libdxfrw-devel-1.0.1+git.20211110-1.1.aarch64",
"openSUSE Tumbleweed:libdxfrw-devel-1.0.1+git.20211110-1.1.ppc64le",
"openSUSE Tumbleweed:libdxfrw-devel-1.0.1+git.20211110-1.1.s390x",
"openSUSE Tumbleweed:libdxfrw-devel-1.0.1+git.20211110-1.1.x86_64",
"openSUSE Tumbleweed:libdxfrw-tools-1.0.1+git.20211110-1.1.aarch64",
"openSUSE Tumbleweed:libdxfrw-tools-1.0.1+git.20211110-1.1.ppc64le",
"openSUSE Tumbleweed:libdxfrw-tools-1.0.1+git.20211110-1.1.s390x",
"openSUSE Tumbleweed:libdxfrw-tools-1.0.1+git.20211110-1.1.x86_64",
"openSUSE Tumbleweed:libdxfrw1-1.0.1+git.20211110-1.1.aarch64",
"openSUSE Tumbleweed:libdxfrw1-1.0.1+git.20211110-1.1.ppc64le",
"openSUSE Tumbleweed:libdxfrw1-1.0.1+git.20211110-1.1.s390x",
"openSUSE Tumbleweed:libdxfrw1-1.0.1+git.20211110-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libdxfrw-devel-1.0.1+git.20211110-1.1.aarch64",
"openSUSE Tumbleweed:libdxfrw-devel-1.0.1+git.20211110-1.1.ppc64le",
"openSUSE Tumbleweed:libdxfrw-devel-1.0.1+git.20211110-1.1.s390x",
"openSUSE Tumbleweed:libdxfrw-devel-1.0.1+git.20211110-1.1.x86_64",
"openSUSE Tumbleweed:libdxfrw-tools-1.0.1+git.20211110-1.1.aarch64",
"openSUSE Tumbleweed:libdxfrw-tools-1.0.1+git.20211110-1.1.ppc64le",
"openSUSE Tumbleweed:libdxfrw-tools-1.0.1+git.20211110-1.1.s390x",
"openSUSE Tumbleweed:libdxfrw-tools-1.0.1+git.20211110-1.1.x86_64",
"openSUSE Tumbleweed:libdxfrw1-1.0.1+git.20211110-1.1.aarch64",
"openSUSE Tumbleweed:libdxfrw1-1.0.1+git.20211110-1.1.ppc64le",
"openSUSE Tumbleweed:libdxfrw1-1.0.1+git.20211110-1.1.s390x",
"openSUSE Tumbleweed:libdxfrw1-1.0.1+git.20211110-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-21898"
},
{
"cve": "CVE-2021-21899",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21899"
}
],
"notes": [
{
"category": "general",
"text": "A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libdxfrw-devel-1.0.1+git.20211110-1.1.aarch64",
"openSUSE Tumbleweed:libdxfrw-devel-1.0.1+git.20211110-1.1.ppc64le",
"openSUSE Tumbleweed:libdxfrw-devel-1.0.1+git.20211110-1.1.s390x",
"openSUSE Tumbleweed:libdxfrw-devel-1.0.1+git.20211110-1.1.x86_64",
"openSUSE Tumbleweed:libdxfrw-tools-1.0.1+git.20211110-1.1.aarch64",
"openSUSE Tumbleweed:libdxfrw-tools-1.0.1+git.20211110-1.1.ppc64le",
"openSUSE Tumbleweed:libdxfrw-tools-1.0.1+git.20211110-1.1.s390x",
"openSUSE Tumbleweed:libdxfrw-tools-1.0.1+git.20211110-1.1.x86_64",
"openSUSE Tumbleweed:libdxfrw1-1.0.1+git.20211110-1.1.aarch64",
"openSUSE Tumbleweed:libdxfrw1-1.0.1+git.20211110-1.1.ppc64le",
"openSUSE Tumbleweed:libdxfrw1-1.0.1+git.20211110-1.1.s390x",
"openSUSE Tumbleweed:libdxfrw1-1.0.1+git.20211110-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21899",
"url": "https://www.suse.com/security/cve/CVE-2021-21899"
},
{
"category": "external",
"summary": "SUSE Bug 1192937 for CVE-2021-21899",
"url": "https://bugzilla.suse.com/1192937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libdxfrw-devel-1.0.1+git.20211110-1.1.aarch64",
"openSUSE Tumbleweed:libdxfrw-devel-1.0.1+git.20211110-1.1.ppc64le",
"openSUSE Tumbleweed:libdxfrw-devel-1.0.1+git.20211110-1.1.s390x",
"openSUSE Tumbleweed:libdxfrw-devel-1.0.1+git.20211110-1.1.x86_64",
"openSUSE Tumbleweed:libdxfrw-tools-1.0.1+git.20211110-1.1.aarch64",
"openSUSE Tumbleweed:libdxfrw-tools-1.0.1+git.20211110-1.1.ppc64le",
"openSUSE Tumbleweed:libdxfrw-tools-1.0.1+git.20211110-1.1.s390x",
"openSUSE Tumbleweed:libdxfrw-tools-1.0.1+git.20211110-1.1.x86_64",
"openSUSE Tumbleweed:libdxfrw1-1.0.1+git.20211110-1.1.aarch64",
"openSUSE Tumbleweed:libdxfrw1-1.0.1+git.20211110-1.1.ppc64le",
"openSUSE Tumbleweed:libdxfrw1-1.0.1+git.20211110-1.1.s390x",
"openSUSE Tumbleweed:libdxfrw1-1.0.1+git.20211110-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libdxfrw-devel-1.0.1+git.20211110-1.1.aarch64",
"openSUSE Tumbleweed:libdxfrw-devel-1.0.1+git.20211110-1.1.ppc64le",
"openSUSE Tumbleweed:libdxfrw-devel-1.0.1+git.20211110-1.1.s390x",
"openSUSE Tumbleweed:libdxfrw-devel-1.0.1+git.20211110-1.1.x86_64",
"openSUSE Tumbleweed:libdxfrw-tools-1.0.1+git.20211110-1.1.aarch64",
"openSUSE Tumbleweed:libdxfrw-tools-1.0.1+git.20211110-1.1.ppc64le",
"openSUSE Tumbleweed:libdxfrw-tools-1.0.1+git.20211110-1.1.s390x",
"openSUSE Tumbleweed:libdxfrw-tools-1.0.1+git.20211110-1.1.x86_64",
"openSUSE Tumbleweed:libdxfrw1-1.0.1+git.20211110-1.1.aarch64",
"openSUSE Tumbleweed:libdxfrw1-1.0.1+git.20211110-1.1.ppc64le",
"openSUSE Tumbleweed:libdxfrw1-1.0.1+git.20211110-1.1.s390x",
"openSUSE Tumbleweed:libdxfrw1-1.0.1+git.20211110-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-21899"
},
{
"cve": "CVE-2021-21900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21900"
}
],
"notes": [
{
"category": "general",
"text": "A code execution vulnerability exists in the dxfRW::processLType() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dxf file can lead to a use-after-free vulnerability. An attacker can provide a malicious file to trigger this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libdxfrw-devel-1.0.1+git.20211110-1.1.aarch64",
"openSUSE Tumbleweed:libdxfrw-devel-1.0.1+git.20211110-1.1.ppc64le",
"openSUSE Tumbleweed:libdxfrw-devel-1.0.1+git.20211110-1.1.s390x",
"openSUSE Tumbleweed:libdxfrw-devel-1.0.1+git.20211110-1.1.x86_64",
"openSUSE Tumbleweed:libdxfrw-tools-1.0.1+git.20211110-1.1.aarch64",
"openSUSE Tumbleweed:libdxfrw-tools-1.0.1+git.20211110-1.1.ppc64le",
"openSUSE Tumbleweed:libdxfrw-tools-1.0.1+git.20211110-1.1.s390x",
"openSUSE Tumbleweed:libdxfrw-tools-1.0.1+git.20211110-1.1.x86_64",
"openSUSE Tumbleweed:libdxfrw1-1.0.1+git.20211110-1.1.aarch64",
"openSUSE Tumbleweed:libdxfrw1-1.0.1+git.20211110-1.1.ppc64le",
"openSUSE Tumbleweed:libdxfrw1-1.0.1+git.20211110-1.1.s390x",
"openSUSE Tumbleweed:libdxfrw1-1.0.1+git.20211110-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21900",
"url": "https://www.suse.com/security/cve/CVE-2021-21900"
},
{
"category": "external",
"summary": "SUSE Bug 1192938 for CVE-2021-21900",
"url": "https://bugzilla.suse.com/1192938"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libdxfrw-devel-1.0.1+git.20211110-1.1.aarch64",
"openSUSE Tumbleweed:libdxfrw-devel-1.0.1+git.20211110-1.1.ppc64le",
"openSUSE Tumbleweed:libdxfrw-devel-1.0.1+git.20211110-1.1.s390x",
"openSUSE Tumbleweed:libdxfrw-devel-1.0.1+git.20211110-1.1.x86_64",
"openSUSE Tumbleweed:libdxfrw-tools-1.0.1+git.20211110-1.1.aarch64",
"openSUSE Tumbleweed:libdxfrw-tools-1.0.1+git.20211110-1.1.ppc64le",
"openSUSE Tumbleweed:libdxfrw-tools-1.0.1+git.20211110-1.1.s390x",
"openSUSE Tumbleweed:libdxfrw-tools-1.0.1+git.20211110-1.1.x86_64",
"openSUSE Tumbleweed:libdxfrw1-1.0.1+git.20211110-1.1.aarch64",
"openSUSE Tumbleweed:libdxfrw1-1.0.1+git.20211110-1.1.ppc64le",
"openSUSE Tumbleweed:libdxfrw1-1.0.1+git.20211110-1.1.s390x",
"openSUSE Tumbleweed:libdxfrw1-1.0.1+git.20211110-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:libdxfrw-devel-1.0.1+git.20211110-1.1.aarch64",
"openSUSE Tumbleweed:libdxfrw-devel-1.0.1+git.20211110-1.1.ppc64le",
"openSUSE Tumbleweed:libdxfrw-devel-1.0.1+git.20211110-1.1.s390x",
"openSUSE Tumbleweed:libdxfrw-devel-1.0.1+git.20211110-1.1.x86_64",
"openSUSE Tumbleweed:libdxfrw-tools-1.0.1+git.20211110-1.1.aarch64",
"openSUSE Tumbleweed:libdxfrw-tools-1.0.1+git.20211110-1.1.ppc64le",
"openSUSE Tumbleweed:libdxfrw-tools-1.0.1+git.20211110-1.1.s390x",
"openSUSE Tumbleweed:libdxfrw-tools-1.0.1+git.20211110-1.1.x86_64",
"openSUSE Tumbleweed:libdxfrw1-1.0.1+git.20211110-1.1.aarch64",
"openSUSE Tumbleweed:libdxfrw1-1.0.1+git.20211110-1.1.ppc64le",
"openSUSE Tumbleweed:libdxfrw1-1.0.1+git.20211110-1.1.s390x",
"openSUSE Tumbleweed:libdxfrw1-1.0.1+git.20211110-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-21900"
}
]
}
ghsa-xwm9-c4jc-crcp
Vulnerability from github
Published
2022-05-24 19:21
Modified
2022-05-24 19:21
Severity ?
VLAI Severity ?
Details
A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2021-21899"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-19T19:15:00Z",
"severity": "HIGH"
},
"details": "A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.",
"id": "GHSA-xwm9-c4jc-crcp",
"modified": "2022-05-24T19:21:07Z",
"published": "2022-05-24T19:21:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21899"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00002.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RDI3HCTCACMIC7I4ILB3NRU6DCMADI5H"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTIAMP7QJDKV4ADDLR4GVVX2TXYLHVOZ"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202305-26"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1350"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5077"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
gsd-2021-21899
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-21899",
"description": "A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.",
"id": "GSD-2021-21899",
"references": [
"https://www.suse.com/security/cve/CVE-2021-21899.html",
"https://www.debian.org/security/2022/dsa-5077",
"https://security.archlinux.org/CVE-2021-21899",
"https://advisories.mageia.org/CVE-2021-21899.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-21899"
],
"details": "A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.",
"id": "GSD-2021-21899",
"modified": "2023-12-13T01:23:10.787876Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2021-21899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LibreCAD",
"version": {
"version_data": [
{
"version_value": "LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1350",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1350"
},
{
"name": "FEDORA-2021-fa9e3c23f2",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RDI3HCTCACMIC7I4ILB3NRU6DCMADI5H/"
},
{
"name": "FEDORA-2021-67c946a9f3",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTIAMP7QJDKV4ADDLR4GVVX2TXYLHVOZ/"
},
{
"name": "[debian-lts-announce] 20211203 [SECURITY] [DLA 2838-1] librecad security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00002.html"
},
{
"name": "DSA-5077",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5077"
},
{
"name": "GLSA-202305-26",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202305-26"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:librecad:libdxfrw:2.2.0-rc2-19-ge02f3580:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2021-21899"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1350",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1350"
},
{
"name": "FEDORA-2021-fa9e3c23f2",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RDI3HCTCACMIC7I4ILB3NRU6DCMADI5H/"
},
{
"name": "FEDORA-2021-67c946a9f3",
"refsource": "FEDORA",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTIAMP7QJDKV4ADDLR4GVVX2TXYLHVOZ/"
},
{
"name": "[debian-lts-announce] 20211203 [SECURITY] [DLA 2838-1] librecad security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00002.html"
},
{
"name": "DSA-5077",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5077"
},
{
"name": "GLSA-202305-26",
"refsource": "GENTOO",
"tags": [],
"url": "https://security.gentoo.org/glsa/202305-26"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-05-21T22:15Z",
"publishedDate": "2021-11-19T19:15Z"
}
}
}
cnvd-2021-92473
Vulnerability from cnvd
Title
LibreCad缓冲区溢出漏洞(CNVD-2021-92473)
Description
LibreCAD是LibreCAD组织的一款开源的CAD(计算机辅助设计)应用程序。
LibreCad libdxfrw 中存在缓冲区错误漏洞,该漏洞源于产品的dwgCompressor::copyCompBytes21函数未能正确处理特殊的输入数据。攻击者可通过该漏洞导致堆缓冲区溢出。
Severity
中
VLAI Severity ?
Patch Name
LibreCad缓冲区溢出漏洞的补丁
Patch Description
LibreCAD是LibreCAD组织的一款开源的CAD(计算机辅助设计)应用程序。
LibreCad libdxfrw 中存在缓冲区错误漏洞,该漏洞源于产品的dwgCompressor::copyCompBytes21函数未能正确处理特殊的输入数据。攻击者可通过该漏洞导致堆缓冲区溢出。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,详情请关注厂商主页: https://librecad.org/
Reference
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1350
Impacted products
| Name | LibreCAD LibreCAD |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2021-21899"
}
},
"description": "LibreCAD\u662fLibreCAD\u7ec4\u7ec7\u7684\u4e00\u6b3e\u5f00\u6e90\u7684CAD\uff08\u8ba1\u7b97\u673a\u8f85\u52a9\u8bbe\u8ba1\uff09\u5e94\u7528\u7a0b\u5e8f\u3002\n\nLibreCad libdxfrw \u4e2d\u5b58\u5728\u7f13\u51b2\u533a\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4ea7\u54c1\u7684dwgCompressor\uff1a\uff1acopyCompBytes21\u51fd\u6570\u672a\u80fd\u6b63\u786e\u5904\u7406\u7279\u6b8a\u7684\u8f93\u5165\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://librecad.org/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2021-92473",
"openTime": "2021-11-30",
"patchDescription": "LibreCAD\u662fLibreCAD\u7ec4\u7ec7\u7684\u4e00\u6b3e\u5f00\u6e90\u7684CAD\uff08\u8ba1\u7b97\u673a\u8f85\u52a9\u8bbe\u8ba1\uff09\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nLibreCad libdxfrw \u4e2d\u5b58\u5728\u7f13\u51b2\u533a\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4ea7\u54c1\u7684dwgCompressor\uff1a\uff1acopyCompBytes21\u51fd\u6570\u672a\u80fd\u6b63\u786e\u5904\u7406\u7279\u6b8a\u7684\u8f93\u5165\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "LibreCad\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "LibreCAD LibreCAD"
},
"referenceLink": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1350",
"serverity": "\u4e2d",
"submitTime": "2021-11-22",
"title": "LibreCad\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2021-92473\uff09"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…