Bug 2080983 (CVE-2021-21897)
Summary: | CVE-2021-21897 libdxflib: heap-based buffer overflow in the DL_Dxf:handleLWPolylineData function | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Marian Rehak <mrehak> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED UPSTREAM | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | code, hobbes1069, mhroncok, samuel.rakitnican, spotrh |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2022-05-02 18:15:02 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2080988, 2080984, 2080985, 2080986, 2080987 | ||
Bug Blocks: |
Description
Marian Rehak
2022-05-02 14:11:56 UTC
Created cloudcompare tracking bugs for this issue: Affects: fedora-all [bug 2080986] Created libdxflib tracking bugs for this issue: Affects: epel-7 [bug 2080985] Affects: fedora-all [bug 2080984] Created librecad tracking bugs for this issue: Affects: epel-all [bug 2080988] Affects: fedora-all [bug 2080987] This one is a little annoying because the linked disclosure reports the issue is fixed: > 2021-08-04 - Vendor Disclosure > 2021-08-21 - Follow up with vendor > 2021-08-27 - Vendor patched > > 2021-09-07 - Public Release but does not give a dxflib version number containing the fix nor a link to the relevant patch. Looking at the commit history of src/3rdparty/dxflib/src/dl_dxf.cpp, comparing commit messages against the disclosure description, and cross-checking dates, it appears that https://github.com/qcad/qcad/commit/1eeffc5daf5a06cf6213ffc19e95923cdebb2eb8 is the fix. This commit is included in dxflib v3.26.4.6 and later. Inspection of the source contents shows that the fix from that commit is already in the 3.26.4 release as packaged in the libdxflib package in all Fedora and EPEL releases except F36—where it is available in testing, but is held up by the Final Freeze. This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products. |