CVE-2021-44048

Name of the Vulnerable Software and Affected Versions: Open Design Alliance (ODA) Drawings Explorer versions prior to 2022.11

Description: An out-of-bounds write issue exists when reading a TIF file. The specific issue occurs after loading TIF files. Crafted data in a TIF file can trigger a write operation past the end of an allocated buffer. An attacker can leverage this to execute code in the context of the current process.

Recommendations: For versions prior to 2022.11, update to a version 2022.11 or later to resolve the issue. As a temporary workaround, consider avoiding the use of TIF files with the Drawings Explorer until a patch is available. Restrict access to the TIF file parsing functionality to minimize the risk of exploitation.