CVE-2021-21899 - log back

CVE-2021-21899 edited at 19 Nov 2021 21:36:59
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Arbitrary code execution
Description
+ A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
References
+ https://talosintelligence.com/vulnerability_reports/TALOS-2021-1350
+ https://github.com/LibreCAD/libdxfrw/commit/6417118874333309aa10c4e59f954c3905a6e8b5
+ https://github.com/LibreCAD/LibreCAD/commit/33b34d4a4acb7a681462626ef442013528c69faa
CVE-2021-21899 created at 19 Nov 2021 21:30:45