UbuntuUpdates.org

Package "librecad"

Name: librecad

Description: Computer-aided design (CAD) system

Latest version: 2.1.2-1ubuntu0.1
Release: bionic (18.04)
Level: security
Repository: universe
Homepage: http://www.librecad.org/

Other versions of "librecad" in Bionic

Repository Area Version
base universe 2.1.2-1
updates universe 2.1.2-1ubuntu0.1

Changelog

Version: 2.1.2-1ubuntu0.1 2023-03-16 12:06:58 UTC

  librecad (2.1.2-1ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: DoS due to write access violation in libdxfrw
    - debian/patches/CVE-2018-19105.patch: prevent write access
      violation when a malicious DXF is read in
      libraries/libdxfrw/src/drw_header.cpp and
      libraries/libdxfrw/src/libdxfrw.cpp.
    - CVE-2018-19105
  * SECURITY UPDATE: code execution due to heap overflow in copyCompBytes18
    - debian/patches/CVE-2021-21898.patch: perform bound checking when
      processing a DWG file through dwgCompressor::decompress18 in
      src/intern/dwgreader18.cpp, src/intern/dwgreader18.h,
      src/intern/dwgutil.cpp and src/intern/dwgutil.h.
    - CVE-2021-21898
  * SECURITY UPDATE: code execution due to heap overflow in copyCompBytes21
    - debian/patches/CVE-2021-21899.patch: perform bound checking when
      processing a DWG file through dwgCompressor::decompress21 in
      src/intern/dwgreader21.cpp, src/intern/dwgutil.cpp and
      src/intern/dwgutil.h.
    - CVE-2021-21899
  * SECURITY UPDATE: heap use-after-free in DRW_TableEntry::parseCode
    - debian/patches/CVE-2021-21900.patch: allow any coordinate order
      when processing a DRW file through DRW_TableEntry::parseCode
      in src/drw_objects.cpp and src/drw_objects.h.
    - CVE-2021-21900
  * SECURITY UPDATE: code execution due to stack overflow in CDataMoji
    - debian/patches/CVE-2021-45341.patch: perform bound checking
      when processing JWW files in libraries/jwwlib/src/jwwdoc.h.
    - CVE-2021-45341
  * SECURITY UPDATE: code execution due to stack overflow in CDataList
    - debian/patches/CVE-2021-45342.patch: perform bound checking
      when processing JWW files in libraries/jwwlib/src/jwwdoc.h.
    - CVE-2021-45342
  * SECURITY UPDATE: DoS due to NULL pointer dereference in DXF parser
    - debian/patches/CVE-2021-45343.patch: add NULL check when
      handling hatch code 93 in
      libraries/libdxfrw/src/drw_entities.cpp.
    - CVE-2021-45343

 -- David Fernandez Gonzalez <email address hidden> Mon, 13 Mar 2023 09:44:40 +0100

CVE-2018-19105 LibreCAD 2.1.3 allows remote attackers to cause a denial of service (0x89C04589 write access violation and application crash) or possibly have unspec
CVE-2021-21898 A code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-cra
CVE-2021-21899 A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-cr
CVE-2021-21900 A code execution vulnerability exists in the dxfRW::processLType() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dx
CVE-2021-45341 A buffer overflow vulnerability in CDataMoji of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execut
CVE-2021-45342 A buffer overflow vulnerability in CDataList of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execut
CVE-2021-45343 In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of libdxfrw allows an attacker to crash the application using a crafted DXF docum


