Open Design Drawings Software Development Kit (SDK) 2021.11

CPE Details

Open Design Drawings Software Development Kit (SDK) 2021.11
2021.11
2021-02-01
12h29 +00:00
2021-02-01
12h29 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:opendesign:drawings_software_development_kit:2021.11:*:*:*:*:*:*:*

Informations

Vendor

opendesign

Product

drawings_software_development_kit

Version

2021.11

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-23095 2022-01-15 13h36 +00:00 Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files. Unchecked input data from a crafted JPG file leads to memory corruption. An attacker can leverage this vulnerability to execute code in the context of the current process.
7.8
High
CVE-2021-43280 2021-11-14 19h58 +00:00 A stack-based buffer overflow vulnerability exists in the DWF file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of proper validation of the length of user-supplied data before copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
7.8
High
CVE-2021-43390 2021-11-14 19h56 +00:00 An Out-of-Bounds Write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation of input data can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
7.8
High
CVE-2021-43275 2021-11-14 19h50 +00:00 A Use After Free vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.
7.8
High
CVE-2021-43274 2021-11-14 19h49 +00:00 A Use After Free Vulnerability exists in the Open Design Alliance Drawings SDK before 2022.11. The specific flaw exists within the parsing of DWF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
7.8
High
CVE-2021-43336 2021-11-13 23h00 +00:00 An Out-of-Bounds Write vulnerability exists when reading a DXF or DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF and DWG files. Crafted data in a DXF or DWG file (an invalid number of properties) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
7.8
High
CVE-2021-43391 2021-11-13 23h00 +00:00 An Out-of-Bounds Read vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid dash counter in line types) can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
7.8
High
CVE-2021-25173 2021-01-18 06h14 +00:00 An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to cause a crash, potentially enabling denial of service (crash, exit, or restart).
7.8
High
CVE-2021-25174 2021-01-18 06h14 +00:00 An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potentially enabling denial of service (Crash, Exit, or Restart).
7.8
High