CVE-2021-25178

Name of the Vulnerable Software and Affected Versions: Open Design Alliance Drawings SDK versions prior to 2021.11

Description: A stack-based buffer overflow issue exists when the recover operation is run with malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack or possible code execution.

Recommendations: For versions prior to 2021.11, update to a version 2021.11 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the recover operation with .DXF and .DWG files from untrusted sources until a patch is available. Restrict access to the recover operation to minimize the risk of exploitation.