{"id":"USN-5957-1","summary":"librecad vulnerabilities","details":"Cody Sixteen discovered that LibreCAD incorrectly\nhandled memory when parsing DXF files. An attacker could\nuse this issue to cause LibreCAD to crash, leading to a\ndenial of service. This issue only affected\nUbuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-19105)\n\nLilith of Cisco Talos discovered that LibreCAD incorrectly\nhandled memory when parsing DWG files. An attacker could\nuse this issue to cause LibreCAD to crash, leading to a\ndenial of service, or possibly execute arbitrary code.\n(CVE-2021-21898, CVE-2021-21899)\n\nLilith of Cisco Talos discovered that LibreCAD incorrectly\nhandled memory when parsing DRW files. An attacker could\nuse this issue to cause LibreCAD to crash, leading to a\ndenial of service, or possibly execute arbitrary code.\n(CVE-2021-21900)\n\nAlbin Eldstål-Ahrens discovered that LibreCAD incorrectly\nhandled memory when parsing JWW files. An attacker could\nuse this issue to cause LibreCAD to crash, leading to a\ndenial of service, or possibly execute arbitrary code.\n(CVE-2021-45341, CVE-2021-45342)\n\nAlbin Eldstål-Ahrens discovered that LibreCAD incorrectly\nhandled memory when parsing DXF files. An attacker could\nuse this issue to cause LibreCAD to crash, leading to a\ndenial of service. (CVE-2021-45343)\n","modified":"2026-04-27T16:47:19.479916374Z","published":"2023-03-15T16:20:03Z","related":["UBUNTU-CVE-2018-19105","UBUNTU-CVE-2021-21898","UBUNTU-CVE-2021-21899","UBUNTU-CVE-2021-21900","UBUNTU-CVE-2021-45341","UBUNTU-CVE-2021-45342","UBUNTU-CVE-2021-45343"],"upstream":["CVE-2018-19105","CVE-2021-21898","CVE-2021-21899","CVE-2021-21900","CVE-2021-45341","CVE-2021-45342","CVE-2021-45343","UBUNTU-CVE-2018-19105","UBUNTU-CVE-2021-21898","UBUNTU-CVE-2021-21899","UBUNTU-CVE-2021-21900","UBUNTU-CVE-2021-45341","UBUNTU-CVE-2021-45342","UBUNTU-CVE-2021-45343"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5957-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-19105"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-21898"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-21899"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-21900"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-45341"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-45342"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-45343"}],"affected":[{"package":{"name":"librecad","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/librecad@2.0.9-2ubuntu0.1~esm1?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.9-2ubuntu0.1~esm1"}]}],"versions":["2.0.4-1build1","2.0.8-1","2.0.9-2"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"2.0.9-2ubuntu0.1~esm1","binary_name":"librecad"},{"binary_version":"2.0.9-2ubuntu0.1~esm1","binary_name":"librecad-data"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5957-1.json","cves_map":{"cves":[{"id":"CVE-2018-19105","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-21898","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-21899","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-21900","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-45341","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2021-45342","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2021-45343","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]}],"ecosystem":"Ubuntu:Pro:16.04:LTS"}}},{"package":{"name":"librecad","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/librecad@2.1.2-1ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.2-1ubuntu0.1~esm1"}]}],"versions":["2.1.2-1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"2.1.2-1ubuntu0.1~esm1","binary_name":"librecad"},{"binary_version":"2.1.2-1ubuntu0.1~esm1","binary_name":"librecad-data"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5957-1.json","cves_map":{"cves":[{"id":"CVE-2018-19105","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-21898","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-21899","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-45341","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2021-45342","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2021-45343","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]}],"ecosystem":"Ubuntu:Pro:18.04:LTS"}}},{"package":{"name":"librecad","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/librecad@2.1.3-1.2+deb10u1build0.20.04.1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.3-1.2+deb10u1build0.20.04.1"}]}],"versions":["2.1.3-1.2","2.1.3-1.2build1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"2.1.3-1.2+deb10u1build0.20.04.1","binary_name":"librecad"},{"binary_version":"2.1.3-1.2+deb10u1build0.20.04.1","binary_name":"librecad-data"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5957-1.json","cves_map":{"cves":[{"id":"CVE-2021-21898","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-21899","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-21900","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2021-45341","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2021-45342","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2021-45343","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]}],"ecosystem":"Ubuntu:20.04:LTS"}}}],"schema_version":"1.7.5"}