PT-2021-23798 · Open Design Alliance · Open Design Alliance Drawings Sdk
Mat Powell
·
Published
2021-11-10
·
Updated
2021-11-17
·
CVE-2021-43278
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Open Design Alliance Drawings SDK versions prior to 2022.11
Description
An Out-of-bounds Read issue exists in the OBJ file reading procedure due to the lack of input length validation, allowing a read past the end of an allocated buffer. This can be leveraged by an attacker to execute code in the context of the current process.
Recommendations
For versions prior to 2022.11, update to a version 2022.11 or later to resolve the issue. As a temporary workaround, consider restricting the use of OBJ file parsing functionality until a patch is available. Avoid using the vulnerable OBJ file reading procedure in the Drawings SDK until the issue is resolved.
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Open Design Alliance Drawings Sdk