CVE-2021-32944

Name of the Vulnerable Software and Affected Versions Drawings SDK versions prior to 2022.4

Description A use-after-free issue exists in the DGN file-reading procedure due to the lack of proper validation of user-supplied data. This can result in memory corruption or arbitrary code execution, allowing attackers to cause a denial-of-service condition or execute code in the context of the current process.

Recommendations For versions prior to 2022.4, update to version 2022.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the DGN file-reading procedure until a patch is available. Avoid using the Drawings SDK to parse untrusted DGN files until the issue is resolved.