New in Portable LibreCAD 2.2.0.1 (Jul 13, 2023)
- This is a bugfix release for official stable release 2.2.0.
- It fixes a minor vulnerability (CVE-2023-30259) in a mature shapelib contained in our codebase.
- The vulnerability affects only the Importshp plugin, which is used to import shape files (SHP/SHX/DBF).
- Shape files are used in surveying, so this does not affect most users.
- As this is probably not a widely used plugin, the fix was just to remove the plugin.
- If you are a surveyor and need shape file support, it is safe to stay with version 2.2.0, as long as you know the origin of the shape files you use.
- The vulnerability is an out-of-bounds read, which means that if a malformed shape file is imported, the application can crash.
- With some effort, an attacker could possibly create a shape file that leads to unintended code execution and takes over your computer.
- But this is a worst-case scenario, which I would rate as extremely unlikely to occur.