PT-2021-23815 · Open Design Alliance · Open Design Alliance Drawings Sdk

Mat Powell · Published 2021-11-14 · Updated 2023-03-01 · CVE-2021-43336

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Open Design Alliance Drawings SDK versions prior to 2022.11

Description

The issue exists within the parsing of DXF and DWG files. Crafted data in a DXF or DWG file, such as an invalid number of properties, can trigger a write operation past the end of an allocated buffer. This can allow an attacker to execute code in the context of the current process.

Recommendations

For Open Design Alliance Drawings SDK versions prior to 2022.11, update to version 2022.11 or later to resolve the issue. As a temporary workaround, consider restricting the use of the DXF and DWG file parsing functionality until a patch is available. Avoid using crafted DXF or DWG files that contain an invalid number of properties to minimize the risk of exploitation.

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2021-43336
ZDI-22-334
ZDI-23-125
ZDI-23-126
ZDI-23-127
ZDI-23-209
ZDI-23-210
ZDI-23-212

Affected Products

Open Design Alliance Drawings Sdk