CVE-2021-32948

Name of the Vulnerable Software and Affected Versions Drawings SDK versions prior to 2022.4

Description An out-of-bounds write issue exists in the DWG file-reading procedure due to the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer, allowing attackers to cause a denial-of-service condition or execute code in the context of the current process.

Recommendations For versions prior to 2022.4, update to version 2022.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the DWG file-reading procedure until a patch is available. Avoid using the Drawings SDK to parse untrusted DWG files until the issue is resolved.