CVE-2020-21840

8.8 HIGH

📋 TL;DR

CVE-2020-21840 is a heap-based buffer overflow vulnerability in GNU LibreDWG's bit_search_sentinel function that allows attackers to execute arbitrary code or cause denial of service. This affects users and applications that process malicious DWG files using vulnerable versions of LibreDWG. The vulnerability is triggered when parsing specially crafted DWG files.

💻 Affected Systems

Products:
  • GNU LibreDWG
Versions: Versions up to and including 0.10
Operating Systems: All platforms running LibreDWG
Default Config Vulnerable: ⚠️ Yes
Notes: Any application or service that uses LibreDWG to process DWG files is vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with the privileges of the LibreDWG process, potentially leading to full system compromise.

🟠 Likely Case

Application crash (denial of service) when processing malicious DWG files.

🟢 If Mitigated

Limited impact if the application runs with minimal privileges and proper sandboxing/isolation.

🌐 Internet-Facing: MEDIUM - Only affects systems that process untrusted DWG files from external sources.
🏢 Internal Only: LOW - Requires processing of malicious DWG files, which is less common in internal-only environments.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires the victim to process a malicious DWG file. Proof-of-concept code is available in the GitHub issue.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 0.11 and later

Vendor Advisory: https://github.com/LibreDWG/libredwg/issues/188

Restart Required: Yes

Instructions:

1. Download LibreDWG version 0.11 or later from the official repository.
2. Compile and install the new version.
3. Restart any services or applications using LibreDWG.

🔧 Temporary Workarounds

Input Validation (platform: all)

Implement strict validation of DWG files before processing them with LibreDWG.

Sandbox Execution (platform: linux)

Run LibreDWG in a sandboxed environment with limited privileges, for example:

firejail --net=none --private /path/to/libredwg

🧯 If You Can't Patch

  • Disable LibreDWG processing of untrusted DWG files
  • Implement network segmentation to isolate systems using LibreDWG

🔍 How to Verify

Check if Vulnerable:

Check whether the installed LibreDWG version is 0.10 or earlier: run 'libredwg --version' or check your package manager.

Check Version:

libredwg --version

Verify Fix Applied:

Verify installation of version 0.11 or later: 'libredwg --version' should show 0.11+.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults when processing DWG files
  • Unexpected process termination of LibreDWG

Network Indicators:

  • Unusual outbound connections from LibreDWG processes

SIEM Query:

process_name:"libredwg" AND (event_type:"crash" OR exit_code:139)
