Bug#1010349: librecad: CVE-2021-21897 - heap-based buffer overflow loading a DXF file via embedded dxflib

2022-08-03 Thread Moritz Mühlenhoff
On Sat, May 28, 2022 at 06:36:29PM +0200, Sylvain Beucler wrote:
> Hello Neil,
>
> I'm triaging this vulnerability for Debian LTS / stretch.
>
> It appears librecad is not affected (all dists):
>
> - the package uses system dxflib, cf. debian/patches/debian_build.patch

But is that

Bug#1010349: librecad: CVE-2021-21897 - heap-based buffer overflow loading a DXF file via embedded dxflib

2022-05-28 Thread Sylvain Beucler
Hello Neil,

I'm triaging this vulnerability for Debian LTS / stretch.

It appears librecad is not affected (all dists):

- the package uses system dxflib, cf. debian/patches/debian_build.patch
- while there appears to be similar vulnerable code in libraries/jwwlib/src/dl_jww-copy.cpp (grep for

Bug#1010349: librecad: CVE-2021-21897 - heap-based buffer overflow loading a DXF file via embedded dxflib

2022-04-29 Thread Neil Williams
Source: librecad
Version: 2.1.3-3
Severity: important
Tags: security
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team

Hi,

The following vulnerability was published for librecad.

CVE-2021-21897[0]:
| A code execution vulnerability exists in the
| DL_Dxf::handleLWPolylineData