librecad 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには バッファオーバーフロー and vendor risk memory corruption があり、vendor surface production workloads and vendor surface software deployment の利用場面で vendor impact memory corruption and アプリケーションクラッシュ などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2023-30259 | A Buffer Overflow vulnerability in importshp plugin in LibreCAD 2.2.0 allows attackers to obtain sensitive information via a crafted DBF file. | [email protected] | 5.5 | 0.03% | 2023-06-28 | 2024-11-21 |
| CVE-2021-45343 | In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of libdxfrw allows an attacker to crash the application using a crafted DXF document. | [email protected] | 5.5 | 0.30% | 2022-01-25 | 2024-11-21 |
| CVE-2021-45342 | A buffer overflow vulnerability in CDataList of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document. | [email protected] | 7.8 | 2.62% | 2022-01-25 | 2024-11-21 |
| CVE-2021-45341 | A buffer overflow vulnerability in CDataMoji of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document. | [email protected] | 8.8 | 6.19% | 2022-01-25 | 2024-11-21 |
| CVE-2021-21898 | A code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. | [email protected] | 8.8 | 1.93% | 2021-11-19 | 2024-11-21 |
| CVE-2021-21900 | A code execution vulnerability exists in the dxfRW::processLType() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dxf file can lead to a use-after-free vulnerability. An attacker can provide a malicious file to trigger this vulnerability. | [email protected] | 8.8 | 1.62% | 2021-11-19 | 2024-11-21 |
| CVE-2021-21899 | A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | [email protected] | 8.8 | 2.83% | 2021-11-19 | 2024-11-21 |
| CVE-2018-19105 | LibreCAD 2.1.3 allows remote attackers to cause a denial of service (0x89C04589 write access violation and application crash) or possibly have unspecified other impact via a crafted file. | [email protected] | 7.8 | 0.32% | 2018-11-08 | 2024-11-21 |