CVE-2021-39528

8.8 HIGH

📋 TL;DR

CVE-2021-39528 is a double-free vulnerability in LibreDWG's dwg_free_MATERIAL_private() function that can lead to memory corruption and potential remote code execution. It affects applications that use LibreDWG versions through v0.10.1.3751 to parse DWG files. Users and systems processing untrusted DWG files with vulnerable LibreDWG versions are at risk.

💻 Affected Systems

Products:
  • LibreDWG
Versions: All versions through v0.10.1.3751
Operating Systems: Linux, Windows, macOS, BSD, All platforms where LibreDWG runs
Default Config Vulnerable: ⚠️ Yes
Notes: Any application linking against vulnerable LibreDWG versions is affected when processing DWG files. The vulnerability is in the library itself, not dependent on specific configurations.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with the privileges of the application using LibreDWG, potentially leading to complete system compromise.

🟠 Likely Case

Application crash (denial of service) when processing malicious DWG files, with possible information disclosure from memory corruption.

🟢 If Mitigated

Limited to application crash if memory protections (ASLR, DEP) are effective, but still represents a denial of service vulnerability.

🌐 Internet-Facing: MEDIUM - Risk depends on whether the application processes untrusted DWG files from external sources. Web applications accepting DWG uploads would be vulnerable.
🏢 Internal Only: LOW - Internal systems not processing untrusted DWG files have minimal exposure, though internal file sharing could still pose risk.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Proof of concept exists in the GitHub issue. Exploitation requires crafting a malicious DWG file that triggers the double-free condition. No authentication is needed if the application processes external DWG files.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v0.10.1.3752 and later

Vendor Advisory: https://github.com/LibreDWG/libredwg/issues/256

Restart Required: Yes

Instructions:

1. Update LibreDWG to version v0.10.1.3752 or later.
2. Recompile any applications using LibreDWG with the updated library.
3. Restart affected applications/services.
4. For package-managed installations, use your system's package manager to update.

🔧 Temporary Workarounds

Disable DWG file processing (applies to: all platforms)

Temporarily disable DWG file processing in applications until patched.

Use alternative DWG libraries (applies to: all platforms)

Switch to alternative DWG processing libraries like Open Design Alliance or Teigha.

🧯 If You Can't Patch

  • Implement strict input validation and sanitization for DWG files before processing
  • Run applications with minimal privileges and in sandboxed/containerized environments

🔍 How to Verify

Check if Vulnerable:

Check LibreDWG version: `libredwg --version` or check library version in applications. Versions <= v0.10.1.3751 are vulnerable.

Check Version:

libredwg --version

Verify Fix Applied:

Verify version is >= v0.10.1.3752 and test with known malicious DWG files to ensure no crashes occur.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes or segmentation faults when processing DWG files
  • Memory corruption errors in application logs

Network Indicators:

  • Unusual DWG file uploads to web applications
  • Multiple failed DWG processing attempts

SIEM Query:

source="application.log" AND ("segmentation fault" OR "double free" OR "memory corruption") AND "dwg"

🔗 References
