CVE-2021-43280

Name of the Vulnerable Software and Affected Versions Open Design Alliance Drawings SDK versions prior to 2022.8

Description A stack-based buffer overflow vulnerability exists in the DWF file reading procedure due to the lack of proper validation of the length of user-supplied data before copying it to a stack-based buffer. This allows an attacker to execute code in the context of the current process.

Recommendations For versions prior to 2022.8, update to version 2022.8 or later to resolve the issue. As a temporary workaround, consider restricting the use of DWF file parsing functionality until a patch is available. Avoid using the vulnerable DWF file reading procedure in the Open Design Alliance Drawings SDK until the issue is resolved.