Package "librecad"
Name: |
librecad
|
Description: |
Computer-aided design (CAD) system
|
Latest version: |
2.1.2-1ubuntu0.1 |
Release: |
bionic (18.04) |
Level: |
updates |
Repository: |
universe |
Homepage: |
http://www.librecad.org/ |
Links
Download "librecad"
Other versions of "librecad" in Bionic
Packages in group
Deleted packages are displayed in grey.
Changelog
librecad (2.1.2-1ubuntu0.1) bionic-security; urgency=medium
* SECURITY UPDATE: DoS due to write access violation in libdxfrw
- debian/patches/CVE-2018-19105.patch: prevent write access
violation when a malicious DXF is read in
libraries/libdxfrw/src/drw_header.cpp and
libraries/libdxfrw/src/libdxfrw.cpp.
- CVE-2018-19105
* SECURITY UPDATE: code execution due to heap overflow in copyCompBytes18
- debian/patches/CVE-2021-21898.patch: perform bound checking when
processing a DWG file through dwgCompressor::decompress18 in
src/intern/dwgreader18.cpp, src/intern/dwgreader18.h,
src/intern/dwgutil.cpp and src/intern/dwgutil.h.
- CVE-2021-21898
* SECURITY UPDATE: code execution due to heap overflow in copyCompBytes21
- debian/patches/CVE-2021-21899.patch: perform bound checking when
processing a DWG file through dwgCompressor::decompress21 in
src/intern/dwgreader21.cpp, src/intern/dwgutil.cpp and
src/intern/dwgutil.h.
- CVE-2021-21899
* SECURITY UPDATE: heap use-after-free in DRW_TableEntry::parseCode
- debian/patches/CVE-2021-21900.patch: allow any coordinate order
in when processing a DRW file through DRW_TableEntry::parseCode
in src/drw_objects.cpp and src/drw_objects.h.
- CVE-2021-21900
* SECURITY UPDATE: code execution due to stack overflow in CDataMoji
- debian/patches/CVE-2021-45341.patch: perform bound checking
when processing JWW files in libraries/jwwlib/src/jwwdoc.h.
- CVE-2021-45341
* SECURITY UPDATE: code execution due to stack overflow in CDataList
- debian/patches/CVE-2021-45342.patch: perform bound checking
when processing JWW files in libraries/jwwlib/src/jwwdoc.h.
- CVE-2021-45342
* SECURITY UPDATE: DoS due to NULL pointer dereference in DXF parser
- debian/patches/CVE-2021-45343.patch: add NULL check when
handling hatch code 93 in
libraries/libdxfrw/src/drw_entities.cpp.
- CVE-2021-45343
-- David Fernandez Gonzalez <email address hidden> Mon, 13 Mar 2023 09:44:40 +0100
|
CVE-2018-19105 |
LibreCAD 2.1.3 allows remote attackers to cause a denial of service (0x89C04589 write access violation and application crash) or possibly have unspec |
CVE-2021-21898 |
A code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-cra |
CVE-2021-21899 |
A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-cr |
CVE-2021-21900 |
A code execution vulnerability exists in the dxfRW::processLType() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dx |
CVE-2021-45341 |
A buffer overflow vulnerability in CDataMoji of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execut |
CVE-2021-45342 |
A buffer overflow vulnerability in CDataList of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execut |
CVE-2021-45343 |
In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of libdxfrw allows an attacker to crash the application using a crafted DXF docum |
|
About
-
Send Feedback to @ubuntu_updates