A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. A specially-crafted .dxf file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. Reference: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1346
Created cloudcompare tracking bugs for this issue:
Affects: fedora-all [bug 2080986]

Created libdxflib tracking bugs for this issue:
Affects: epel-7 [bug 2080985]
Affects: fedora-all [bug 2080984]

Created librecad tracking bugs for this issue:
Affects: epel-all [bug 2080988]
Affects: fedora-all [bug 2080987]
This one is a little annoying because the linked disclosure reports the issue is fixed:

> 2021-08-04 - Vendor Disclosure
> 2021-08-21 - Follow up with vendor
> 2021-08-27 - Vendor patched
>
> 2021-09-07 - Public Release

but does not give a dxflib version number containing the fix nor a link to the relevant patch.

Looking at the commit history of src/3rdparty/dxflib/src/dl_dxf.cpp, comparing commit messages against the disclosure description, and cross-checking dates, it appears that https://github.com/qcad/qcad/commit/1eeffc5daf5a06cf6213ffc19e95923cdebb2eb8 is the fix. This commit is included in dxflib v3.26.4.6 and later.

Inspection of the source contents shows that the fix from that commit is already in the 3.26.4 release as packaged in the libdxflib package in all Fedora and EPEL releases except F36—where it is available in testing, but is held up by the Final Freeze.
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.