Mariusz-kruszynski-it / QGIS

QGIS is a free, open source, cross platform (lin/win/mac) geographical information system (GIS)
https://qgis.org
GNU General Public License v2.0

QGISfinal-3_32_0: 1 vulnerabilities (highest severity is: 8.8) - autoclosed #9

Closed mend-for-github-com[bot] closed 1 year ago

mend-for-github-com[bot] commented 1 year ago
Vulnerable Library - QGISfinal-3_32_0

QGIS is a free, open source, cross platform (lin/win/mac) geographical information system (GIS)

Library home page: https://github.com/qgis/QGIS.git

Vulnerable Source Files (1)

/external/libdxfrw/intern/dwgreader18.h

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (QGISfinal version) | Remediation Available |
|---|---|---|---|---|---|---|
| CVE-2021-21898 | High | 8.8 | QGISfinal-3_32_0 | Direct | No_FIX | |

Details

CVE-2021-21898

### Vulnerable Library - QGISfinal-3_32_0

QGIS is a free, open source, cross platform (lin/win/mac) geographical information system (GIS)

Library home page: https://github.com/qgis/QGIS.git

Found in base branch: master

### Vulnerable Source Files (1)

/external/libdxfrw/intern/dwgreader18.h

### Vulnerability Details

A code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.

Publish Date: 2021-11-19

URL: CVE-2021-21898

### CVSS 3 Score Details (8.8)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High


### Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21898

Release Date: 2021-11-19

Fix Resolution: No_FIX

mend-for-github-com[bot] commented 1 year ago

:information_source: This issue was automatically closed by Mend because it is a duplicate of an existing issue: #11
