CVE-2021-44044

Name of the Vulnerable Software and Affected Versions: Open Design Alliance Drawings SDK versions prior to 2022.11

Description: An out-of-bounds write issue exists when parsing JPG files, specifically when crafted data in a JPG (4 extraneous bytes before the marker 0xca) can trigger a write operation past the end of an allocated buffer. This can allow an attacker to execute code in the context of the current process.

Recommendations: For versions prior to 2022.11, update to a version 2022.11 or later to resolve the issue. As a temporary workaround, consider restricting the use of JPG files with the Drawings SDK until a patch is available. Avoid using the Drawings SDK to parse JPG files with crafted data, specifically those containing 4 extraneous bytes before the marker 0xca, to minimize the risk of exploitation.