Login Sign Up

CVE-2020-21843

8.8 HIGH
Remote Code Execution Denial of Service

📋 TL;DR

CVE-2020-21843 is a heap-based buffer overflow vulnerability in GNU LibreDWG 0.10, allowing attackers to execute arbitrary code or cause denial-of-service by processing malicious DWG files. It affects users of LibreDWG software for handling CAD files, particularly in environments where untrusted files are processed.

💻 Affected Systems

Products:
  • GNU LibreDWG
Versions: Version 0.10 specifically; earlier versions may be affected but not confirmed.
Operating Systems: Linux, Windows, macOS, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers when parsing DWG files via the bit_read_RC function; default installations are vulnerable if processing untrusted files.

📦 What is this software?

Libredwg by Gnu

View all CVEs affecting Libredwg →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full system compromise, data theft, or ransomware deployment.

🟠

Likely Case

Denial-of-service crashes or limited code execution in sandboxed environments.

🟢

If Mitigated

Minimal impact if file processing is restricted to trusted sources or with memory protections enabled.

🌐 Internet-Facing: MEDIUM, as exploitation requires processing malicious files, which may occur via web uploads or email attachments.
🏢 Internal Only: LOW, assuming internal users only handle trusted files and network segmentation limits lateral movement.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof-of-concept details are available in public references; exploitation is straightforward via crafted DWG files.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 0.10; check for updates like 0.11 or later.

Vendor Advisory: https://github.com/LibreDWG/libredwg/issues/188

Restart Required: No

Instructions:

1. Update LibreDWG to the latest version from the official repository. 2. Recompile or reinstall the software. 3. Verify the fix by testing with known malicious files.

🔧 Temporary Workarounds

Restrict file processing

all

Limit LibreDWG usage to trusted, validated DWG files only.

Enable memory protections

linux

Use OS-level protections like ASLR and DEP to reduce exploit success.

echo 2 > /proc/sys/kernel/randomize_va_space (Linux for ASLR)

🧯 If You Can't Patch

  • Isolate LibreDWG instances in sandboxed environments or virtual machines.
  • Implement strict input validation and block untrusted DWG file uploads or processing.

🔍 How to Verify

Check if Vulnerable:

Check if LibreDWG version is 0.10 or earlier; test with a proof-of-concept DWG file if available.

Check Version:

libredwg --version or check package manager (e.g., dpkg -l libredwg on Debian).

Verify Fix Applied:

Update to a patched version and confirm it no longer crashes or exhibits overflow behavior with test files.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes, segmentation faults, or abnormal termination logs in syslog or application logs.

Network Indicators:

  • Unusual file uploads or downloads of DWG files to/from vulnerable systems.

SIEM Query:

Example: 'event_source="libredwg" AND (event_type="crash" OR event_type="error")'

📊 Metadata

CVE ID: CVE-2020-21843
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-787
Published: May 17, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-21843, you might also want to check these:

CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2025-24201 10.0

This critical vulnerability allows malicious web content to break out of the Web Content sandbox via...

Same vulnerability type (CWE-787)
CVE-2020-14871 10.0

This is a critical buffer overflow vulnerability (CWE-787) in Oracle Solaris's Pluggable Authenticat...

Same vulnerability type (CWE-787)