Vulnerability Details CVE-2021-45341
A buffer overflow vulnerability in CDataMoji of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.02
EPSS Ranking 82.7%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.3
References
- https://github.com/LibreCAD/LibreCAD/issues/1462
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCC2FZ6HZOIK3775K4MTCOUHX6PLGPEL/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUMH3CWGVSMR2UIZEA35Q5UB7PDVVVYS/
- https://security.gentoo.org/glsa/202305-26
- https://www.debian.org/security/2022/dsa-5077
- https://github.com/LibreCAD/LibreCAD/issues/1462
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCC2FZ6HZOIK3775K4MTCOUHX6PLGPEL/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUMH3CWGVSMR2UIZEA35Q5UB7PDVVVYS/
- https://security.gentoo.org/glsa/202305-26
- https://www.debian.org/security/2022/dsa-5077
Products affected by CVE-2021-45341
-
cpe:2.3:a:librecad:librecad:1.0.0
-
cpe:2.3:a:librecad:librecad:1.0.1
-
cpe:2.3:a:librecad:librecad:1.0.2
-
cpe:2.3:a:librecad:librecad:1.0.3
-
cpe:2.3:a:librecad:librecad:1.0.4
-
cpe:2.3:a:librecad:librecad:2.0.0
-
cpe:2.3:a:librecad:librecad:2.0.1
-
cpe:2.3:a:librecad:librecad:2.0.10
-
cpe:2.3:a:librecad:librecad:2.0.11
-
cpe:2.3:a:librecad:librecad:2.0.2
-
cpe:2.3:a:librecad:librecad:2.0.3
-
cpe:2.3:a:librecad:librecad:2.0.4
-
cpe:2.3:a:librecad:librecad:2.0.5
-
cpe:2.3:a:librecad:librecad:2.0.6
-
cpe:2.3:a:librecad:librecad:2.0.7
-
cpe:2.3:a:librecad:librecad:2.0.8
-
cpe:2.3:a:librecad:librecad:2.0.9
-
cpe:2.3:a:librecad:librecad:2.1.0
-
cpe:2.3:a:librecad:librecad:2.1.1
-
cpe:2.3:a:librecad:librecad:2.1.2
-
cpe:2.3:a:librecad:librecad:2.1.3
-
cpe:2.3:a:librecad:librecad:2.2.0
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:debian:debian_linux:11.0
-
cpe:2.3:o:fedoraproject:fedora:34
-
cpe:2.3:o:fedoraproject:fedora:35