CVE-2023-36273 - Heap Buffer Overflow Vulnerability in LibreDWG v.12.5 through bit_calc_CRC Function

A critical vulnerability, identified as CVE-2023-36273, has been discovered in LibreDWG v.12.5, a popular open-source library for reading and writing DWG files. This vulnerability could cause a heap buffer overflow in the affected systems, potentially resulting in denial of service, information leakage, or remote code execution. This issue resides in the bit_calc_CRC function found in the bits.c source file.

The problematic code exists in "bits.c" in the "bit_calc_CRC" function

unsigned int
bit_calc_CRC(unsigned int crc, unsigned char *chain, int count)
{
  int i;
  unsigned int cb;

  for (i = ; i < count; i++)
  {
    ...
  }
  return crc;
}

Exploit Details

The heap buffer overflow vulnerability occurs due to insufficient bounds checking when processing DWG files. The bit_calc_CRC function is responsible for computing CRC values of the input data. However, it fails to ensure proper verification of the input data size and user-controlled input is directly passed to the function.

An attacker can craft a malicious DWG file containing a specific data structure with an oversized input, causing the function to process an incorrect input size. This can result in a heap buffer overflow, leading to remote code execution, denial of service, or information leakage due to incorrect processing of the DWG file.

The vulnerability is exploitable by simply feeding a maliciously-crafted DWG file to a vulnerable instance of LibreDWG, which then processes the file, potentially leading to successful exploitation.

Original References

The vulnerability was reported to the developers and the following links contain detailed information about the issue and its progress:

- LibreDWG GitHub Issue: https://github.com/LibreDWG/libredwg/issues/ISSUE_NUMBER
- CVE-2023-36273 (MITRE): https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36273
- CVE-2023-36273 (NVD): https://nvd.nist.gov/vuln/detail/CVE-2023-36273

To protect your systems from this vulnerability, implement the following mitigation measures

1. Ensure that you are running the latest version of LibreDWG and apply any security patches released by the developers. Keep an eye on the LibreDWG GitHub repository for updates related to this issue.
2. Validate input files and their sizes before passing them to the bit_calc_CRC function, ensuring they adhere to the expected format and requirements.
3. Employ proper input validation techniques and bounds checking for other functions that also deal with user-controlled input to safeguard against potential overflow conditions.
4. Enforce strict memory management and deallocation routines in the application to prevent possible memory leaks or corruptions arising from this kind of vulnerability.
5. Finally, be cautious when handling untrusted DWG files from unknown sources and consider employing additional security measures, such as sandboxing, to isolate the processing of unknown files from your primary system.

Conclusion

The heap buffer overflow vulnerability CVE-2023-36273 in LibreDWG v.12.5 is a critical security issue that may lead to remote code execution, denial of service, or information leakage. The affected function, bit_calc_CRC, lacks proper input validation and bounds checking, making it susceptible to an overflow attack. By applying the aforementioned mitigation measures and vigilantly monitoring for updates from the developers, you can safeguard your systems from potential exploitation.

Timeline

Published on: 06/23/2023 15:15:00 UTC
Last modified on: 06/27/2023 12:42:00 UTC