830385 – (CVE-2021-45950) media-gfx/libredwg: OOB write

Bug 830385 (CVE-2021-45950) - media-gfx/libredwg: OOB write

Summary: media-gfx/libredwg: OOB write

Status:	RESOLVED INVALID

Alias:	CVE-2021-45950

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial (vote)
Assignee:	Gentoo Security

URL:	https://bugs.chromium.org/p/oss-fuzz/...
Whiteboard:	~2 [upstream?]
Keywords:

Depends on:
Blocks:

Reported:	2022-01-01 09:09 UTC by John Helmert III
Modified:	2022-01-02 06:23 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2022-01-01 09:09:38 UTC

CVE-2021-45950:

LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in dwg_free_BLOCK_private (called from dwg_free_BLOCK and dwg_free_object).

No mention of a report upstream (of course), so no idea about patches.

Comment 1 Andrew Ammerlaan gentoo-dev

2022-01-01 19:29:50 UTC

I don't package the nightly releases. Version 0.12.4 (packaged) is older then 0.12.4.4313, so we should be unaffected.

Comment 2 John Helmert III archtester

2022-01-01 19:35:29 UTC

CVE descriptions are untrustworthy. Are you unable to reproduce?

Comment 3 Andrew Ammerlaan gentoo-dev

2022-01-01 20:01:33 UTC

(In reply to John Helmert III from comment #2)
> Are you unable to reproduce?

I must confess that I have no clue on how to reproduce this. So yes I am unable to reproduce, but that says more about my hacking skills than about whether libredwg is vulnerable or not :P

Comment 4 Sam James archtester

2022-01-02 06:23:51 UTC

Given https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libredwg/OSV-2021-814.yaml#L24 and https://github.com/LibreDWG/libredwg/commit/2d26a3b863be05b90bb1de62c3c54653480a68b5, we're ok I think.