Closed mend-for-github-com[bot] closed 1 year ago
:information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #11
Vulnerable Library - QGISfinal-3_32_0
QGIS is a free, open source, cross platform (lin/win/mac) geographical information system (GIS)
Library home page: https://github.com/qgis/QGIS.git
Vulnerable Source Files (1)
/external/libdxfrw/intern/dwgreader18.h
Vulnerabilities
Details
CVE-2021-21898
Found in base branch: master
### Vulnerability Details
A code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.
Publish Date: 2021-11-19
URL: CVE-2021-21898
### CVSS 3 Score Details (8.8)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High

### Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21898
Release Date: 2021-11-19
Fix Resolution: No_FIX