Name | CVE-2018-19105 |
Description | LibreCAD 2.1.3 allows remote attackers to cause a denial of service (0x89C04589 write access violation and application crash) or possibly have unspecified other impact via a crafted file. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DLA-1776-1 |
Debian Bugs | 928477 |
Vulnerable and fixed packages
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|
librecad (PTS) | bullseye (security), bullseye | 2.1.3-1.3+deb11u1 | fixed |
| bookworm | 2.2.0-1 | fixed |
| sid, trixie | 2.2.0.2-1 | fixed |
The information below is based on the following data on fixed versions.
Notes
https://code610.blogspot.com/2018/11/crashing-librecad-213.html
https://github.com/LibreCAD/LibreCAD/issues/1038
Fixed by https://github.com/LibreCAD/LibreCAD/commit/6da7cc5f7f31afb008f03dbd11e07207ccd82085
Regression fix https://github.com/LibreCAD/LibreCAD/commit/8604f171ee380f294102da6154adf77ab754d403