Vulnerability roundup 111: librecad-2.2.0-rc2: 2 advisories [8.8]

[ckauhaus]

search, files

• [ ] CVE-2021-45341 CVSSv3=8.8 (nixos-21.11, nixos-unstable)
• [ ] CVE-2021-45342 CVSSv3=7.8 (nixos-21.11, nixos-unstable)

CVE details

CVE-2021-45341

A buffer overflow vulnerability in CDataMoji of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document.

CVE-2021-45342

A buffer overflow vulnerability in CDataList of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document.

---

Scanned versions: nixos-21.11: 2128d0aa28e; nixos-unstable: 5aaed40d22f.

Cc @Kiwi Cc @viric

[LeSuisse]

Fixed in 6896348d0fad85cfa3975d729b0279537981edfb and 57e6253b8c03e3bbf95e798085ee0fcf73fa6870.