Описание
A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. A specially-crafted .dxf file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| cloudcompare | fixed | 2.11.3-7.1 | package | |
| cloudcompare | no-dsa | bullseye | package | |
| cloudcompare | no-dsa | buster | package | |
| dxflib | fixed | 3.26.4-1 | package | |
| dxflib | no-dsa | bullseye | package | |
| dxflib | no-dsa | buster | package | |
| dxflib | no-dsa | stretch | package | |
| horizon-eda | unfixed | package | ||
| librecad | unfixed | package |
Примечания
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1346
https://github.com/qcad/qcad/commit/1eeffc5daf5a06cf6213ffc19e95923cdebb2eb8
Связанные уязвимости
A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. A specially-crafted .dxf file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. A specially-crafted .dxf file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. A specially-crafted .dxf file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Уязвимость функционала DL_Dxf::handleLWPolylineData библиотеки парсинга DXF файлов Dxflib, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании