Published: 25/01/2022 Updated: 27/10/2022

CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 676

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Improper sanitization in the invocation of ODA File Converter from FreeCAD 0.19 allows an malicious user to inject OS commands via a crafted filename.

Vulnerable Product	Search on Vulmon	Subscribe to Product
freecadweb freecad 0.19
debian debian linux 9.0
debian debian linux 10.0
debian debian linux 11.0

Debian Bug report logs - #1005747 freecad: CVE-2021-45844 - Improper sanitization in the invocation of ODA File Converter Package: src:freecad; Maintainer for src:freecad is Debian Science Maintainers <debian-science-maintainers@listsaliothdebianorg>; Reported by: Neil Williams <codehelp@debianorg> Date: Mon, 14 F ...

Two vulnerabilities were discovered in FreeCAD, a CAD/CAM program, which could result in the execution of arbitrary shell commands when opening a malformed file For the stable distribution (bullseye), these problems have been fixed in version 0191+dfsg1-2+deb11u1 We recommend that you upgrade your freecad packages For the detailed security sta ...

CWE-78 https://tracker.freecad.org/view.php?id=4809 https://forum.freecadweb.org/viewtopic.php?t=64733 https://lists.debian.org/debian-lts-announce/2022/03/msg00004.html https://lists.debian.org/debian-lts-announce/2022/08/msg00008.html https://www.debian.org/security/2022/dsa-5229 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005747 https://nvd.nist.gov https://www.debian.org/security/2022/dsa-5229

CVE-2021-45844

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect