CVE-2021-44045

Name of the Vulnerable Software and Affected Versions: Open Design Alliance Drawings SDK versions prior to 2022.11

Description: The issue exists within the parsing of DGN files, where crafted data and a lack of proper validation for the XFAT sectors count can trigger a write operation past the end of an allocated buffer. This can allow an attacker to execute code in the context of the current process.

Recommendations: For versions prior to 2022.11, update to a version 2022.11 or later to resolve the issue. As a temporary workaround, consider restricting the use of DGN files from untrusted sources until a patch is available. Avoid using the Drawings SDK to parse DGN files that may contain crafted data, as this can trigger the out-of-bounds write vulnerability.