CVE-2021-36080

8.8 HIGH

📋 TL;DR

CVE-2021-36080 is a double-free vulnerability in GNU LibreDWG's bit_chain_free function that can lead to memory corruption and potential remote code execution. This affects applications that process DWG files using vulnerable LibreDWG library versions. Users and systems that handle DWG CAD files through LibreDWG are at risk.
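As an added illustration (not LibreDWG's real code or struct layout), the hypothetical stand-in below contrasts a buffer-release routine that leaves a dangling pointer behind, where a second call on an error path becomes a double free of the kind described above, with a hardened version that clears the pointer so a repeated call is harmless:

```c
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical minimal stand-in for a decoder's bit-chain buffer (assumed, not LibreDWG's struct). */
typedef struct {
    unsigned char *chain;  /* heap buffer holding raw file bytes */
    size_t size;           /* bytes allocated */
} Chain;

/* Allocate and fill a chain with constructed bytes (not a real DWG). Returns 0 on success. */
int chain_alloc(Chain *c, size_t size) {
    c->chain = malloc(size);
    if (c->chain == NULL) return -1;
    memset(c->chain, 0xAA, size);
    c->size = size;
    return 0;
}

/* Unsafe pattern: releases the buffer but leaves the stale pointer in place.
   If cleanup runs twice on the same Chain (e.g. once in an error path and once
   by the caller), free() sees the already-released pointer: a double free. */
void chain_free_unsafe(Chain *c) {
    free(c->chain);
}

/* Hardened pattern: clear pointer and size after releasing, so a repeated
   call on the same Chain is a defined no-op instead of a double free. */
void chain_free_safe(Chain *c) {
    if (c == NULL) return;
    free(c->chain);   /* free(NULL) is defined to do nothing */
    c->chain = NULL;
    c->size = 0;
}

/* Returns 1 when the chain holds no dangling pointer, 0 otherwise. */
int chain_is_released(const Chain *c) {
    return c->chain == NULL && c->size == 0;
}

/* Exercise the hardened routine twice, as a double cleanup would; returns 1 if safe. */
int demo_double_free_guard(void) {
    Chain c;
    if (chain_alloc(&c, 64) != 0) return 0;
    chain_free_safe(&c);
    chain_free_safe(&c);   /* second release: harmless because the pointer was cleared */
    return chain_is_released(&c);
}

int main(void) {
    printf("double cleanup safe: %d\n", demo_double_free_guard());
    return 0;
}
```

Running the unsafe variant twice is undefined behaviour; build with AddressSanitizer (`-fsanitize=address`) to have such a second free reported at test time rather than surfacing as a crash in production.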

💻 Affected Systems

Products:
  • GNU LibreDWG
Versions: 0.12.3.4163 through 0.12.3.4191
Operating Systems: All platforms running LibreDWG
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using LibreDWG to process DWG files is vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with the privileges of the LibreDWG process, potentially leading to full system compromise.

🟠 Likely Case: Application crash (denial of service) when processing malicious DWG files.

🟢 If Mitigated: Limited impact if the application runs with minimal privileges and proper memory protections.

🌐 Internet-Facing: MEDIUM - Exploitable if the application processes user-uploaded DWG files, but requires specific conditions.
🏢 Internal Only: LOW - Typically affects CAD processing tools rather than core infrastructure.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting a malicious DWG file that triggers the double-free condition.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.12.3.4192 and later

Vendor Advisory: https://github.com/LibreDWG/libredwg/commit/9b6e0ff9ef02818df034fc42c3bd149a5ff89342

Restart Required: Yes

Instructions:

1. Update LibreDWG to version 0.12.3.4192 or later.
2. Rebuild any applications using LibreDWG.
3. Restart affected services.

🔧 Temporary Workarounds

Disable DWG file processing (platform: all)

Temporarily disable LibreDWG-based DWG file processing in applications.

Sandbox LibreDWG processes (platform: linux)

Run LibreDWG in a sandboxed environment with limited privileges.

🧯 If You Can't Patch

  • Implement strict input validation for DWG files
  • Run LibreDWG processes with minimal privileges and memory protection (ASLR, DEP)

🔍 How to Verify

Check if Vulnerable:

Check the LibreDWG version with libredwg --version, or query your package manager. If the version is between 0.12.3.4163 and 0.12.3.4191 inclusive, it is vulnerable.

Check Version:

libredwg --version

Verify Fix Applied:

Verify version is 0.12.3.4192 or later. Test with known malicious DWG files if available.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing DWG files
  • Memory corruption errors in application logs

Network Indicators:

  • Unusual uploads of DWG files to web applications

SIEM Query:

source="application.log" AND ("segmentation fault" OR "double free" OR "corrupted") AND "libredwg"
