PT-2021-19986 · Open Design Alliance · Oda Drawing Sdk

Mat Powell · Published 2021-06-17 · Updated 2023-03-28 · CVE-2021-32940

CVSS v3.1: 7.1 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Open Design Alliance (ODA) Drawing SDK versions prior to 2022.5

Description

The issue is related to an out-of-bounds read in the DWG file-recovering procedure due to the lack of proper validation of user-supplied data. This can cause a read past the end of an allocated buffer, allowing attackers to cause a denial-of-service condition or read sensitive information from memory locations.

Recommendations

For versions prior to 2022.5, update to version 2022.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of the DWG file-recovering procedure in the Drawings SDK until a patch is available. Avoid using the Drawings SDK to parse untrusted DWG files until the issue is resolved.

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2021-32940
ZDI-21-986
ZDI-23-120
ZDI-23-134

Affected Products

Oda Drawing Sdk