CVE-2021-28236
📋 TL;DR
LibreDWG v0.12.3 has a NULL pointer dereference in out_dxfb.c, the binary DXF (DXFB) writer. A specially crafted DWG file that is read with the vulnerable library and then exported as binary DXF crashes the process, which is a denial of service (DoS) against whatever application or service performs the conversion; the impact is availability only. Anything that processes untrusted DWG files with LibreDWG, including the bundled command-line tools, is in scope.
💻 Affected Systems
- LibreDWG
📦 What is this software?
GNU LibreDWG is a free C library for reading and writing AutoCAD DWG files, with command-line converters built on it such as dwgread, dwg2dxf, dxf2dwg and dwgrewrite. The file named in this CVE, out_dxfb.c, implements its binary DXF output (out_dxf.c is the ASCII DXF writer), so the crash is reached on the export path, not merely on opening the file.
⚠️ Risk & Real-World Impact
Worst Case
The conversion process dies with a segmentation fault. In a pipeline without process isolation that takes the whole CAD processing service down, and any conversion in progress at that moment is lost. Because the crash is repeatable from a single file, anyone who can submit files can keep the service down for as long as the file is accepted.
Likely Case
One worker process crashes (SIGSEGV) when it processes a malicious or badly corrupted DWG file. Service resumes once the process is restarted; automatic restart logic that retries the same file will loop on it until the file is removed.
If Mitigated
Limited to the loss of one sandboxed worker if conversions run in an isolated, automatically restarted process and crash-inducing files are quarantined rather than retried. Generic input validation cannot reliably recognise the crafted file (it carries a valid DWG header), so it reduces noise rather than removing the exposure.
🎯 Exploit Status
The GitHub issue linked below carries the reporter's details and may include a reproducer file; assume a working proof of concept exists. No code execution is involved. Exploitation means getting a crafted DWG file into a pipeline that reads it with a vulnerable LibreDWG and exports it as binary DXF, the code path in out_dxfb.c.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v0.12.4 or later
Vendor Advisory: https://github.com/LibreDWG/libredwg/issues/324
Restart Required: Yes
Instructions:
1. Check the current LibreDWG version (see How to Verify below).
2. Update to v0.12.4 or later through your package manager, or build from source.
3. Restart every service that uses LibreDWG so it loads the patched library.
4. Rebuild any application that links LibreDWG statically or bundles its own copy of the source; dynamically linked applications pick up the new shared object on restart.
🔧 Temporary Workarounds
Input Validation and Sanitization
Check DWG files before handing them to LibreDWG: reject files without a recognised DWG version tag in the first six bytes, files outside your size policy, and files from sources you do not accept. This filters junk and obvious abuse; it does not identify the crafted file behind this CVE, which is structurally valid enough to reach the writer.
Process Isolation
Run the LibreDWG conversion in a throwaway container or sandbox with no network and a read-only mount, so a segfault takes down only that worker and not the host service. The image name below is a placeholder for one you build yourself:
docker run --rm --network none -v "$(pwd)":/data:ro your-libredwg-image dwgread /data/input.dwg
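The two workarounds above combined into one gate, as an added example that is not part of this page or of LibreDWG: the file is rejected unless it carries a known DWG version tag and stays within a size policy, then the converter runs in a child process with core dumps disabled, an address-space cap and a timeout, and a death by signal is classified and the input quarantined so it is never retried. MAX_DWG_BYTES, CHILD_ADDRESS_SPACE, the quarantine layout and the {file} argv placeholder are assumptions of this example. demo() uses a stand-in command that sends itself SIGSEGV so the code runs without LibreDWG installed; a real deployment would pass the pipeline's actual command, for example ["dwgread", "{file}"].

```python
"""Gate DWG files before LibreDWG sees them, and contain the converter.

Added example, not LibreDWG code. Unix only (uses the resource module).
"""
import resource
import shutil
import signal
import subprocess
import tempfile
from pathlib import Path

# A DWG file opens with a 6-byte ASCII version tag (e.g. b"AC1015" for R2000).
# Rejecting anything else is cheap, but it is not a safety check: a crafted
# file for this CVE carries a valid tag too. It only keeps junk out.
DWG_VERSION_TAGS = {b"AC1009", b"AC1012", b"AC1014", b"AC1015",
                    b"AC1018", b"AC1021", b"AC1024", b"AC1027", b"AC1032"}
MAX_DWG_BYTES = 256 * 1024 * 1024    # assumed size policy, tune to your workload
CHILD_ADDRESS_SPACE = 2 * 1024 ** 3  # assumed memory cap for the converter


def precheck_dwg(data: bytes):
    """Return None if the bytes look like a DWG we are willing to process,
    otherwise a short rejection reason."""
    if len(data) < 6:
        return "too short to carry a DWG version tag"
    if len(data) > MAX_DWG_BYTES:
        return "exceeds size policy"
    if data[:6] not in DWG_VERSION_TAGS:
        return "unknown version tag %r" % data[:6]
    return None


def _limit_child():
    """Runs in the child before exec: no core file for an expected crash,
    and an address-space cap so a runaway parse cannot starve the host.
    Best effort: a stricter inherited hard limit is left alone."""
    for res, cap in ((resource.RLIMIT_CORE, 0),
                     (resource.RLIMIT_AS, CHILD_ADDRESS_SPACE)):
        try:
            resource.setrlimit(res, (cap, cap))
        except (ValueError, OSError):
            pass


def run_contained(argv, timeout_s=30.0):
    """Run the converter and classify the outcome instead of letting a
    segfault surface as an unexplained worker death."""
    try:
        proc = subprocess.run(argv, stdin=subprocess.DEVNULL, capture_output=True,
                              timeout=timeout_s, preexec_fn=_limit_child)
    except subprocess.TimeoutExpired:
        return ("timeout", None)
    except FileNotFoundError:
        return ("tool-missing", argv[0])
    if proc.returncode < 0:  # negative return code: killed by that signal
        return ("crashed", signal.Signals(-proc.returncode).name)
    if proc.returncode != 0:
        return ("error", proc.returncode)
    return ("ok", 0)


def process_dwg(path: Path, argv_template, quarantine: Path):
    """Precheck, run contained, and move crash-inducing inputs aside so the
    sample survives for triage and an automatic retry loop cannot form."""
    reason = precheck_dwg(path.read_bytes())
    if reason is not None:
        return ("rejected", reason)
    argv = [a.replace("{file}", str(path)) for a in argv_template]
    outcome = run_contained(argv)
    if outcome[0] == "crashed":
        quarantine.mkdir(parents=True, exist_ok=True)
        shutil.move(str(path), str(quarantine / path.name))
    return outcome


def demo():
    """Exercise the gate without LibreDWG installed, using constructed inputs
    and a stand-in command that kills itself with SIGSEGV, which is how a
    NULL dereference in out_dxfb.c ends the real converter."""
    work = Path(tempfile.mkdtemp())
    quarantine = work / "quarantine"
    bogus = work / "archive.dwg"
    bogus.write_bytes(b"PK\x03\x04 zip data wearing a .dwg name")
    crafted = work / "crafted.dwg"
    crafted.write_bytes(b"AC1015" + b"\x00" * 64)  # constructed, valid tag only
    results = {
        "bogus": process_dwg(bogus, ["true", "{file}"], quarantine),
        "crafted": process_dwg(crafted, ["sh", "-c", "kill -s SEGV $$"], quarantine),
    }
    results["quarantined"] = (quarantine / "crafted.dwg").exists()
    shutil.rmtree(work)
    return results


if __name__ == "__main__":
    print(demo())
```

The classification matters more than the precheck: a negative return code from subprocess is the only reliable signal that LibreDWG died from a fault rather than exiting with an error, and quarantining on that signal is what stops a restart loop from replaying the same file.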
🧯 If You Can't Patch
- Accept DWG files only from authenticated, accountable sources. A file-parsing bug is reached through content, not network position, so segmenting the host helps only insofar as it limits who can submit files to it
- Use upload controls (WAF, API gateway) to block or rate-limit DWG uploads from untrusted sources. A WAF cannot tell a crafted DWG from a legitimate one, so this reduces exposure rather than detecting the attack
🔍 How to Verify
Check if Vulnerable:
Check the LibreDWG version with 'dwgread --version' or your package manager. 0.12.3 is the version named in the CVE; treat anything below 0.12.4 as unpatched, since only 0.12.4 and later are stated as fixed. Note that 'dwgread --version' reports the command-line tool's own version: for an application that links LibreDWG dynamically, check the shared object it actually loads (ldd on the binary, or 'pkg-config --modversion libredwg' where the .pc file is installed), and for statically linked or vendored copies check the build.
Check Version:
dwgread --version 2>/dev/null || echo "LibreDWG not found or version check failed"
Verify Fix Applied:
Confirm the reported version is 0.12.4 or later, then re-run the reproducer from issue #324 and any files that previously crashed your pipeline against the patched build. The process must exit normally or with an ordinary error code rather than die with SIGSEGV (exit status 139 when observed from a shell).
📡 Detection & Monitoring
Log Indicators:
- Application crashes with segmentation fault errors
- Core dumps from LibreDWG processes
- Backtraces from core dumps (gdb, coredumpctl) with frames in out_dxfb.c. The crash line itself names only the process and library, so the file name is not a usable search term on its own
Network Indicators:
- Repeated DWG uploads from a single source, each followed by a conversion worker crash or restart
- Conversion requests whose volume or file sizes fall outside the normal pattern for that client
SIEM Query:
source="application.log" OR sourcetype=syslog ("segmentation fault" OR "segfault at" OR "SIGSEGV" OR "status=11/SEGV") (process IN ("dwg2dxf", "dwgread", "dwgrewrite", "dxf2dwg") OR "libredwg.so")
(The processes are LibreDWG's tools or your own converter binary, not a process named libredwg; "NULL pointer" does not appear in crash logs and is not a useful term.)
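The log indicators and the SIEM query above, implemented as host-side detection logic, as an added example that is not part of this page or of LibreDWG: it parses Linux kernel segfault records, keeps only those attributable to a LibreDWG tool or to libredwg.so, and flags a fault address inside the NULL page, which is the signature of a NULL pointer (plus a small field offset) being dereferenced. The syslog excerpt, host name, PIDs, addresses and the libredwg.so.0.0.12 file name are constructed for the example; the kernel message format and the x86 error-code bits are real.

```python
"""Pick LibreDWG crashes that look like NULL-pointer dereferences out of
Linux kernel segfault records. Added example; the sample log is constructed."""
import re
from dataclasses import dataclass

# Linux kernel format when a user process faults:
#   comm[pid]: segfault at ADDR ip IP sp SP error CODE in OBJECT[base+size]
# On x86 the error code bits mean: 1 = protection violation (else page not
# present), 2 = write (else read), 4 = user mode. "error 4" is a user-mode
# read of an unmapped page, the usual result of reading through NULL.
SEGFAULT_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>\d+) "
    r"in (?P<obj>[^\[\s]+)"
)
# LibreDWG's command-line tools; the library itself appears as libredwg.so.*
LIBREDWG_TOOLS = {"dwgread", "dwgwrite", "dwgrewrite", "dwg2dxf", "dxf2dwg",
                  "dwgbmp", "dwggrep", "dwglayers", "dwg2SVG", "dwgfuzz"}
NULL_PAGE_END = 0x1000  # fault below the first page: NULL plus a struct field offset

# Constructed syslog excerpt (not from a real system): two LibreDWG crashes,
# the matching systemd exit line, one unrelated browser crash, and noise.
SAMPLE_LOG = """\
Mar 14 10:02:11 cadworker kernel: [ 1234.567890] dwg2dxf[4311]: segfault at 0 ip 00007f3c2a1b4c20 sp 00007ffd9e4a1a30 error 4 in libredwg.so.0.0.12[7f3c2a0f0000+2c1000]
Mar 14 10:02:12 cadworker systemd[1]: cad-convert.service: Main process exited, code=killed, status=11/SEGV
Mar 14 10:05:40 cadworker kernel: [ 1443.001200] dwgread[4402]: segfault at 38 ip 00007f1b0c9d1e54 sp 00007ffc11a0c2e0 error 4 in libredwg.so.0.0.12[7f1b0c8f0000+2c1000]
Mar 14 10:07:03 cadworker kernel: [ 1526.441000] firefox[2201]: segfault at 7f88a0001230 ip 00007f88a13ff7e2 sp 00007ffe3b7cfd40 error 6 in libxul.so[7f88a0c00000+6a00000]
Mar 14 10:09:55 cadworker sshd[4500]: Accepted publickey for deploy from 10.0.0.5 port 51234 ssh2
"""


@dataclass
class Crash:
    comm: str
    pid: int
    fault_addr: int
    obj: str
    null_deref: bool


def find_libredwg_crashes(log_text: str):
    """Return kernel segfault records attributable to LibreDWG, flagging
    those whose fault address lies in the NULL page."""
    crashes = []
    for line in log_text.splitlines():
        m = SEGFAULT_RE.search(line)
        if not m:
            continue
        comm, obj = m["comm"], m["obj"]
        if comm not in LIBREDWG_TOOLS and "libredwg" not in obj:
            continue  # some other program's crash, e.g. the browser above
        addr = int(m["addr"], 16)
        crashes.append(Crash(comm, int(m["pid"]), addr, obj, addr < NULL_PAGE_END))
    return crashes


def should_alert(crashes, min_null_derefs=1):
    """Alert rule: a NULL-page fault inside LibreDWG code is a deterministic
    parser failure on a specific input, not a transient error, so even one
    is worth a ticket and the offending file should be pulled for triage."""
    return sum(c.null_deref for c in crashes) >= min_null_derefs


if __name__ == "__main__":
    found = find_libredwg_crashes(SAMPLE_LOG)
    for c in found:
        print(c)
    print("alert:", should_alert(found))
```

Pairing the kernel record with the systemd "status=11/SEGV" line gives the unit name, which tells you which service to restart and which upload queue the file came from; the fault address tells you whether the crash matches this CVE's NULL dereference pattern or is something else that deserves its own investigation.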