PT-2021-24032 · Open Design Alliance · Open Design Alliance Prc Sdk

Khangkito

Published

2021-11-29

Updated

2021-12-07

CVE-2021-44046

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Open Design Alliance PRC SDK versions prior to 2022.11

Description: An out-of-bounds write issue exists when reading U3D files, caused by an unchecked return value of a function that verifies input data from a U3D file. This allows an attacker to execute code in the context of the current process.

Recommendations: For versions prior to 2022.11, update to a version 2022.11 or later to resolve the issue. As a temporary workaround, consider restricting the use of U3D file parsing functionality until a patch is available. Avoid using the vulnerable function that verifies input data from U3D files until the issue is resolved.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2021-44046

ZDI-21-1338

Affected Products

Open Design Alliance Prc Sdk

PT-2021-24032 · Open Design Alliance · Open Design Alliance Prc Sdk

CVE-2021-44046

Weakness Enumeration

Related Identifiers

Affected Products

References · 6