CVE-2021-32938

Name of the Vulnerable Software and Affected Versions Drawings SDK versions prior to 2022.4

Description The issue is due to the parsing of DWG files resulting from the lack of proper validation of user-supplied data, which can cause an out-of-bounds read. This allows attackers to cause a denial-of-service condition or read sensitive information from memory.

Recommendations For versions prior to 2022.4, update to version 2022.4 or later to resolve the issue. As a temporary workaround, consider restricting the parsing of DWG files until a patch is available. Avoid using the Drawings SDK to parse untrusted DWG files until the issue is resolved.