CVE-2020-21816

8.8 HIGH

📋 TL;DR

CVE-2020-21816 is a heap-based buffer overflow vulnerability in GNU LibreDWG's HTML escape function that allows attackers to execute arbitrary code or cause denial of service. This affects applications that process untrusted DWG files using vulnerable LibreDWG versions. Users and systems that handle CAD files from untrusted sources are at risk.

💻 Affected Systems

Products:
  • GNU LibreDWG
Versions: 0.10.2641 and earlier
Operating Systems: Linux, Windows, macOS, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using LibreDWG library to process DWG files is vulnerable. The vulnerability is in the htmlescape function in escape.c.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with the privileges of the LibreDWG process, potentially leading to complete system compromise.

🟠 Likely Case

Application crash (denial of service) when processing malicious DWG files, disrupting CAD file processing workflows.

🟢 If Mitigated

Limited impact if proper input validation and memory protections are in place, potentially just application instability.

🌐 Internet-Facing: MEDIUM - Only affects systems that process uploaded DWG files from external sources via LibreDWG.
🏢 Internal Only: LOW - Requires processing of malicious DWG files, which is less common in internal-only environments.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting a malicious DWG file that triggers the buffer overflow when processed. The GitHub issue contains technical details that could aid exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.10.2642 and later

Vendor Advisory: https://github.com/LibreDWG/libredwg/issues/182

Restart Required: Yes

Instructions:

1. Update LibreDWG to version 0.10.2642 or later.
2. Rebuild any applications using LibreDWG.
3. Restart affected services.

🔧 Temporary Workarounds

Disable DWG file processing (applies to: all)

Temporarily disable LibreDWG-based DWG file processing until patched.

# Disable services using LibreDWG
sudo systemctl stop [service-name]

Input validation (applies to: all)

Implement strict validation of DWG files before processing with LibreDWG.

🧯 If You Can't Patch

  • Isolate systems using LibreDWG from untrusted networks
  • Implement application whitelisting to prevent execution of malicious payloads

🔍 How to Verify

Check if Vulnerable:

Check the LibreDWG version with redwg --version, or check the installed package version.

Check Version:

redwg --version

Verify Fix Applied:

Verify version is 0.10.2642 or later and test with sample DWG files.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults
  • Memory access violation errors in logs
  • Unexpected process termination

Network Indicators:

  • Unusual outbound connections from LibreDWG processes
  • Large file uploads to DWG processing endpoints

SIEM Query:

process_name:"redwg" AND (event_type:"crash" OR exit_code:139)
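A small log checker, added here as an example and not part of the advisory, that applies the log indicators above (kernel segfaults, SIGSEGV terminations reported by systemd, exit code 139) to constructed syslog-style lines and mirrors the SIEM query's logic. The process name "redwg" comes from the page's query; the unit name dwg-import.service, the threshold and the sample lines are assumptions.

```python
import re

# Process/unit names to watch. "redwg" is the name used in the advisory's SIEM
# query; "dwg-import.service" is an assumed name for a DWG-processing service.
WATCHED_PROCS = {"redwg"}
WATCHED_UNITS = {"dwg-import.service"}

# Constructed sample log lines (not real logs), syslog-style layout.
SAMPLE_LOG = """\
Mar 03 10:01:12 cadhost kernel: redwg[4211]: segfault at 7f3a1c00 ip 00005581 sp 00007ffd error 4 in libredwg.so.0[7f3a1b00+2c000]
Mar 03 10:01:12 cadhost systemd[1]: dwg-import.service: Main process exited, code=killed, status=11/SEGV
Mar 03 10:02:30 cadhost dwg-import[4299]: converted drawing 8812.dwg in 0.4s
Mar 03 10:05:44 cadhost dwg-import[4310]: redwg exited with code 139 while processing upload 9f1c.dwg
Mar 03 10:06:01 cadhost sshd[777]: Accepted publickey for alice from 10.0.0.5
"""

# Three indicator shapes from the advisory: kernel segfault message,
# systemd SIGSEGV termination, and a wrapper reporting exit code 139 (128+11).
SEGFAULT_RE = re.compile(r"kernel: (?P<proc>[\w.-]+)\[\d+\]: segfault at")
SIGSEGV_RE = re.compile(r"(?P<unit>[\w.-]+\.service): Main process exited, code=killed, status=11/SEGV")
EXIT139_RE = re.compile(r"(?P<proc>[\w.-]+) exited with code 139")


def classify(line):
    """Return (process_or_unit, indicator) for a crash line, else None."""
    m = SEGFAULT_RE.search(line)
    if m:
        return m.group("proc"), "kernel segfault"
    m = SIGSEGV_RE.search(line)
    if m:
        return m.group("unit"), "systemd SIGSEGV termination"
    m = EXIT139_RE.search(line)
    if m:
        return m.group("proc"), "exit code 139 (128+SIGSEGV)"
    return None


def crash_events(log_text):
    """All crash indicators found in the log, regardless of process."""
    return [ev for ev in map(classify, log_text.splitlines()) if ev]


def should_alert(log_text, threshold=2):
    """Alert when crash indicators tied to watched DWG processing reach the threshold."""
    hits = [ev for ev in crash_events(log_text)
            if ev[0] in WATCHED_PROCS or ev[0] in WATCHED_UNITS]
    return len(hits) >= threshold, hits


if __name__ == "__main__":
    fire, hits = should_alert(SAMPLE_LOG)
    print("ALERT" if fire else "ok", hits)
```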
