CVE-2021-25177

Name of the Vulnerable Software and Affected Versions: Open Design Alliance Drawings SDK versions prior to 2021.11

Description: A Type Confusion issue and a NULL pointer dereference exist when rendering malformed .DXF and .DWG files, allowing attackers to cause a crash, potentially enabling a denial of service attack.

Recommendations: For versions prior to 2021.11, update to version 2021.11 or later to resolve the issue. As a temporary workaround, consider restricting the rendering of .DXF and .DWG files to trusted sources until a patch is available. Avoid using the affected SDK for parsing untrusted files until the issue is resolved.