7.8

CVE-2021-45342

Exploit

A buffer overflow vulnerability in CDataList of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document.

Data is provided by the National Vulnerability Database (NVD)
LibrecadLibrecad Version <= 2.1.3
LibrecadLibrecad Version2.2.0 Updatealpha
LibrecadLibrecad Version2.2.0 Updaterc1
LibrecadLibrecad Version2.2.0 Updaterc2
LibrecadLibrecad Version2.2.0 Updaterc3
FedoraprojectFedora Version34
FedoraprojectFedora Version35
DebianDebian Linux Version10.0
DebianDebian Linux Version11.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.74% 0.817
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://github.com/LibreCAD/LibreCAD/issues/1464
Third Party Advisory
Exploit
Issue Tracking