PT-2023-20685 · Open Design Alliance · Open Design Alliance Drawings Sdk

Jimmy Calderon

Publicado

2023-04-10

Atualizado

2023-07-10

CVE-2023-26495

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Open Design Alliance Drawings SDK versions prior to 2024.1

Description An issue was discovered in the Open Design Alliance Drawings SDK where a crafted DWG file can force the SDK to reuse an object that has been freed. This can be leveraged by an attacker in conjunction with other issues to execute arbitrary code.

Recommendations For versions prior to 2024.1, update to version 2024.1 or later to resolve the issue.

Correção

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

CVE-2023-26495

ZDI-23-907

Produtos afetados

Open Design Alliance Drawings Sdk

PT-2023-20685 · Open Design Alliance · Open Design Alliance Drawings Sdk

CVE-2023-26495

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6