PT-2021-19505 · Open Design Alliance · Open Design Alliance Drawings Sdk

Izobashi

Published

2021-04-26

Updated

2022-04-15

CVE-2021-31784

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Open Design Alliance Drawings SDK versions prior to 2021.6

Description The issue is related to an out-of-bounds write vulnerability in the file-reading procedure. This can lead to a crash, potentially causing a denial of service attack, or possibly enabling code execution.

Recommendations For versions prior to 2021.6, update to version 2021.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of the file-reading procedure in the Drawings SDK until a patch is available. Avoid processing untrusted DXF files with the affected SDK to minimize the risk of exploitation.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2021-31784

ZDI-21-485

Affected Products

Open Design Alliance Drawings Sdk

PT-2021-19505 · Open Design Alliance · Open Design Alliance Drawings Sdk

CVE-2021-31784

Weakness Enumeration

Related Identifiers

Affected Products

References · 5