{"id":"MGASA-2022-0151","summary":"Updated libdxfrw packages fix security vulnerability","details":"A code execution vulnerability exists in the dwgCompressor::decompress18()\nfunctionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted\n.dwg file can lead to an out-of-bounds write. An attacker can provide a \nmalicious file to trigger this vulnerability. (CVE-2021-21898)\n\nA code execution vulnerability exists in the dwgCompressor::copyCompBytes21\nfunctionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted\n.dwg file can lead to a heap buffer overflow. An attacker can provide a\nmalicious file to trigger this vulnerability. (CVE-2021-21899)\n\nA code execution vulnerability exists in the dxfRW::processLType()\nfunctionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted\n.dxf file can lead to a use-after-free vulnerability. An attacker can provide\na malicious file to trigger this vulnerability. (CVE-2021-21900)\n\nIn LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of libdxfrw\nallows an attacker to crash the application using a crafted DXF document.\n(CVE-2021-45343)\n","modified":"2026-04-16T04:44:29.301389194Z","published":"2022-04-24T10:43:54Z","upstream":["CVE-2021-21898","CVE-2021-21899","CVE-2021-21900","CVE-2021-45343"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2022-0151.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29720"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RDI3HCTCACMIC7I4ILB3NRU6DCMADI5H/"},{"type":"WEB","url":"https://www.debian.org/lts/security/2021/dla-2838"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VUMH3CWGVSMR2UIZEA35Q5UB7PDVVVYS/"},{"type":"WEB","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6TWLTKRSHNPCLQL7UXQSITHNYJT5XSK5/"}],"affected":[{"package":{"name":"libdxfrw","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/libdxfrw?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.1-1.1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0151.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}