Описание
Security update for libdxfrw, librecad
This update for libdxfrw, librecad fixes the following issues:
-
Update to version 1.0.1+git.20220109:
- fixed ambiguous error for DRW_Dimension::parseDwg()
- fixed enless while()-loop for pre 2004 versions
- dwgReader::readDwgObjects() stop reading after 1st error
- dwgReader::readDwgEntities() stop reading after 1st error
- replace ENTRY_PARSE macro with template method
- remove unused DRW_Class::parseCode() method
- protect vector<>.reserve() calls
- Added NULL check for hatch code 93
- Fix bounds check in DRW_LWPolyline
- fix, check maxClassNum for valid value
- fixed wrong 2010+ check for 64-bit size
- Set compiler warnings on by default, because makes harder for bugs to go undetected. modified: CMakeLists.txt
- Fixed fall through and other warnings (#54)
- fix 'Vertex ID' printout
-
Update to version 1.0.1+git.20211110:
- fixed heap use after free vulnerability CVE-2021-21900 (boo#1192938)
- minor improvements to dwg2dxf, formatting and message output on success
- fixed heap buffer overflow vulnerability CVE-2021-21899 (boo#1192937)
- dwg2dxf - enable debug output of libdxfrw by command line switch
- fixed out-of-bounds write vulnerability CVE-2021-21898 (boo#1192936)
- fixed please note section formatting
- updated README.md for LibreCAD_3 branch and sf.net successor
- fixed LibreCAD 2 issue #1371, read failed with binary DXF
- Use ununordered_map instead of map
- manual merge changes from LibreCAD2
- and much more
-
Update to version 1.0.1+git.20200429:
- Fix includes install dir
- Export target as libdxfrw::libdxfrw to keep consistency with Conan packages
- Add archive destination in install
- Install DXFRW::dxfrw target
- Remove duplicate target properties
- Remove version from pkg-config file
- Let CMake handle C++11 compiler definition
- Change minimal required CMake version to 3.0
- cmake: add doc target
- README.md: fix typo
- cmake: generate and install pkgconfig
- cmake: add one for dwg2dxf
- cmake: set library VERSIONs
- cmake: use GNUInstallDirs
-
Update to version 0.6.3+git.20190501:
- Add build status and update example link
- Add Travis-CI script
- [#10] Fix compilation on GCC
- Fix bugs with .dwg import of TEXT and MTEXT entities
- This was unnecessary
- Link libdxfrw against libstdc++
- Return an error when the file ends prematurely
- Add version getter
- Fix polyline 2d/3d write
- Initialize return buffers in GetRawChar8 et al.
-
update to 2.2.0-rc3
- major release
- DWG imports are more reliable now
- and a lot more of bugfixes and improvements
Список пакетов
SUSE Package Hub 15 SP3
openSUSE Leap 15.3
Ссылки
- E-Mail link for openSUSE-SU-2022:0067-1
- SUSE Security Ratings
- SUSE Bug 1192936
- SUSE Bug 1192937
- SUSE Bug 1192938
- SUSE CVE CVE-2021-21898 page
- SUSE CVE CVE-2021-21899 page
- SUSE CVE CVE-2021-21900 page
Описание
A code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.
Затронутые продукты
Ссылки
- CVE-2021-21898
- SUSE Bug 1192936
Описание
A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Затронутые продукты
Ссылки
- CVE-2021-21899
- SUSE Bug 1192937
Описание
A code execution vulnerability exists in the dxfRW::processLType() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dxf file can lead to a use-after-free vulnerability. An attacker can provide a malicious file to trigger this vulnerability.
Затронутые продукты
Ссылки
- CVE-2021-21900
- SUSE Bug 1192938