CVE-2021-28237

9.8 CRITICAL

📋 TL;DR

LibreDWG v0.12.3 contains a heap-buffer overflow vulnerability in the decode_preR13 function that allows attackers to execute arbitrary code or cause denial of service. This affects any application or system using LibreDWG to process DWG files. Users and organizations that handle CAD files with LibreDWG are at risk.

💻 Affected Systems

Products:
  • LibreDWG
Versions: v0.12.3 and earlier versions
Operating Systems: Linux, Windows, macOS, BSD
Default Config Vulnerable: ⚠️ Yes
Notes: Any application or service that uses LibreDWG library to parse DWG files is vulnerable.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case

Application crash (denial of service) when processing malicious DWG files, potentially disrupting CAD workflows.

🟢 If Mitigated

Contained application crash with no privilege escalation if proper sandboxing and memory protections are enabled.

🌐 Internet-Facing: MEDIUM - Requires processing malicious DWG files, which could be uploaded via web interfaces or email attachments.
🏢 Internal Only: MEDIUM - Internal users could be tricked into opening malicious DWG files, but requires user interaction.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof of concept available in GitHub issue #325. Exploitation requires user to open a malicious DWG file.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v0.12.4 and later

Vendor Advisory: https://github.com/LibreDWG/libredwg/issues/325

Restart Required: Yes

Instructions:

1. Check the current version with 'dwgread --version'.
2. Update LibreDWG using your package manager or compile v0.12.4 or later from source.
3. Restart any services that use LibreDWG.

🔧 Temporary Workarounds

Disable DWG file processing

Platform: linux

Temporarily disable LibreDWG or block DWG file processing until patched.

# Stop any service that processes DWG files with LibreDWG
# (LibreDWG itself ships no systemd unit; "libredwg-services" stands in for
# the unit name of whatever consumes the library on your host)
sudo systemctl stop libredwg-services
# Remove execute permissions from the LibreDWG command-line tools
sudo chmod -x /usr/bin/dwg*

File type filtering

Platform: all

Block or quarantine DWG files at network boundaries and email gateways.

🧯 If You Can't Patch

  • Implement strict file upload validation for DWG files
  • Run LibreDWG in sandboxed/containerized environment with minimal privileges

🔍 How to Verify

Check if Vulnerable:

Run 'dwgread --version' and check if version is 0.12.3 or earlier.

Check Version:

dwgread --version

Verify Fix Applied:

Verify the version is 0.12.4 or later with 'dwgread --version', then confirm in an isolated test environment that a known malicious DWG file (for example the sample from GitHub issue #325) no longer crashes the tool.
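A small POSIX shell helper, added here and not part of the advisory, that automates both checks above: it extracts the version number from a 'dwgread --version' line and reports whether it is below the first fixed release, 0.12.4. It assumes the output contains a dotted version such as "dwgread 0.12.3"; the function and variable names are this example's own.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a LibreDWG install from
# the text printed by `dwgread --version`. CVE-2021-28237 affects v0.12.3
# and earlier, so anything below 0.12.4 is reported as vulnerable.

FIXED_VERSION="0.12.4"   # first fixed release per the advisory

# extract_version: first dotted version number found in a line (e.g. "0.12.3")
extract_version() {
    printf '%s\n' "$1" | grep -oE '[0-9]+(\.[0-9]+)+' | head -n 1
}

# version_lt A B: exit 0 if A is strictly lower than B, comparing each
# dot-separated component numerically (missing components count as 0)
version_lt() {
    a="$1" b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; [ "$a" = "$x" ] && a="" || a=${a#*.}
        y=${b%%.*}; [ "$b" = "$y" ] && b="" || b=${b#*.}
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1
}

# libredwg_status: prints "vulnerable", "patched" or "unknown" for one line
# of `dwgread --version` output; exit status 1 / 0 / 2 respectively
libredwg_status() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo "unknown"
        return 2
    fi
    if version_lt "$v" "$FIXED_VERSION"; then
        echo "vulnerable"
        return 1
    fi
    echo "patched"
    return 0
}

# Check the live binary when present; otherwise only define the functions
# so the script can be sourced from a larger inventory job.
if command -v dwgread >/dev/null 2>&1; then
    libredwg_status "$(dwgread --version 2>&1 | head -n 1)"
fi
```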

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults
  • Memory access violation errors in system logs
  • Unusual process termination of dwg-related processes

Network Indicators:

  • Unexpected DWG file transfers
  • Large DWG files from untrusted sources

SIEM Query:

process.name:dwg* AND (event.action:crash OR error.message:"segmentation fault")
