CVE-2021-45341
📋 TL;DR
A buffer overflow vulnerability in LibreCAD's jwwlib component allows remote code execution when processing malicious JWW documents. Attackers can exploit this by tricking users into opening specially crafted CAD files. Users of LibreCAD 2.2.0-rc3 and older versions are affected.
💻 Affected Systems
- LibreCAD
📦 What is this software?
Fedora by Fedoraproject
Librecad by Librecad
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining full control of the victim's machine, data theft, and lateral movement within the network.
Likely Case
Local privilege escalation leading to unauthorized access to sensitive files and system resources on the affected workstation.
If Mitigated
Limited impact with proper application sandboxing and user privilege restrictions preventing full system compromise.
🎯 Exploit Status
Exploitation requires user interaction (the victim must open a malicious JWW file), but no authentication is needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: LibreCAD 2.2.0 and later
Vendor Advisory: https://github.com/LibreCAD/LibreCAD/issues/1462
Restart Required: Yes
Instructions:
1. Download the latest LibreCAD version from the official website.
2. Uninstall the old version.
3. Install the new version.
4. Restart the system.
🔧 Temporary Workarounds
Disable JWW file processing
Remove or restrict the JWW file association with LibreCAD
On Linux: sudo rm /usr/share/mime/packages/librecad.xml
On Windows: reg delete HKEY_CLASSES_ROOT\.jww /f
Application sandboxing
Linux: run LibreCAD in a restricted environment
firejail --private librecad
bwrap --unshare-all --share-net --ro-bind /usr /usr --ro-bind /etc /etc --bind $HOME $HOME librecad
🧯 If You Can't Patch
- Implement strict file type filtering to block JWW files at email gateways and web proxies
- Educate users to never open CAD files from untrusted sources and implement application whitelisting
🔍 How to Verify
Check if Vulnerable:
Check LibreCAD version: Help → About LibreCAD. If version is 2.2.0-rc3 or older, system is vulnerable.
Check Version:
librecad --version
Verify Fix Applied:
After update, verify version is 2.2.0 or newer in Help → About dialog.
📡 Detection & Monitoring
Log Indicators:
- LibreCAD crash logs with jwwlib/CDataMoji references
- Unexpected process spawning from LibreCAD
Network Indicators:
- Downloads of JWW files from untrusted sources
- Outbound connections from LibreCAD process
SIEM Query:
process_name:"librecad" AND (event_type:crash OR parent_process_name:"librecad")
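The log indicators and SIEM query above, implemented as detection logic over constructed sample process telemetry. This is an added example, not part of the advisory; the `Event` schema and the sample records are assumptions. It deliberately applies the parent-process branch to any child of librecad (the "unexpected process spawning" indicator), since the literal query text would only match a child that is itself named librecad.

```python
# Added example (not from the advisory): the advisory's SIEM query and log
# indicators applied to constructed sample process telemetry. The Event
# schema and the sample records are assumptions made up for this example.
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Event:
    ts: str
    host: str
    process_name: str
    event_type: str           # e.g. "process_start", "crash", "process_exit"
    parent_process_name: str
    detail: str = ""


# Constructed sample telemetry, not real logs.
SAMPLE_EVENTS = [
    Event("2022-01-14T09:12:01Z", "ws-07", "librecad", "process_start", "explorer.exe", "opened drawing.jww"),
    Event("2022-01-14T09:12:03Z", "ws-07", "librecad", "crash", "explorer.exe", "SIGSEGV in jwwlib CDataMoji"),
    Event("2022-01-14T09:12:04Z", "ws-07", "cmd.exe", "process_start", "librecad", ""),
    Event("2022-01-14T09:15:00Z", "ws-12", "librecad", "process_start", "bash", "opened part.dxf"),
    Event("2022-01-14T09:20:00Z", "ws-12", "librecad", "process_exit", "bash", "exit 0"),
]


def classify(e: Event) -> Optional[str]:
    """Return a finding label when the event matches an advisory indicator, else None.

    Branch 1 is the crash indicator; branch 2 is any process whose parent is
    librecad (broader than the literal query, which also requires the child
    itself to be named librecad).
    """
    if e.process_name == "librecad" and e.event_type == "crash":
        # A crash that references the vulnerable component is the strongest signal.
        if "jwwlib" in e.detail or "CDataMoji" in e.detail:
            return "librecad crash in jwwlib/CDataMoji"
        return "librecad crash"
    if e.parent_process_name == "librecad":
        return f"child process spawned by librecad: {e.process_name}"
    return None


def find_indicators(events: List[Event]) -> List[Tuple[str, str, str]]:
    """Return (ts, host, label) for every matching event, in input order."""
    return [(e.ts, e.host, lbl) for e in events if (lbl := classify(e)) is not None]
```

Running `find_indicators(SAMPLE_EVENTS)` yields two findings from host ws-07 (the jwwlib crash and the child process) and nothing for the normal DXF session on ws-12.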
🔗 References
- https://github.com/LibreCAD/LibreCAD/issues/1462
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCC2FZ6HZOIK3775K4MTCOUHX6PLGPEL/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUMH3CWGVSMR2UIZEA35Q5UB7PDVVVYS/
- https://security.gentoo.org/glsa/202305-26
- https://www.debian.org/security/2022/dsa-5077