CVE-2021-39522: 
NixOS vulnerability analysis and mitigation

An issue was discovered in libredwg through v0.10.1.3751 where the bit_wcs2len() function in bits.c contains a heap-based buffer overflow vulnerability (NVD, Debian Tracker). The vulnerability was disclosed on September 20, 2021 and affects all versions of libredwg up to and including version 0.10.1.3751.

The vulnerability exists in the bit_wcs2len() function located in the bits.c file of libredwg. It manifests as a heap-based buffer overflow condition that occurs during memory operations. The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

The heap buffer overflow vulnerability can lead to multiple severe impacts including potential code execution, system crashes, and memory corruption. When successfully exploited, it could allow attackers to gain unauthorized access to system memory, potentially leading to arbitrary code execution or denial of service conditions (GitHub Issue).

Users should upgrade to a version newer than v0.10.1.3751 where this vulnerability has been addressed. For systems that cannot be immediately updated, it is recommended to implement access controls to limit exposure to potentially malicious input files (NVD).