CVE-2021-44422

Name of the Vulnerable Software and Affected Versions: Open Design Alliance Drawings SDK versions prior to 2022.12

Description: An Improper Input Validation issue exists when reading a BMP file, allowing crafted data to trigger a write operation past the end of an allocated buffer or lead to a heap-based buffer overflow. This can enable an attacker to execute code in the context of the current process.

Recommendations: For versions prior to 2022.12, update to a version 2022.12 or later to resolve the issue. As a temporary workaround, consider restricting the use of BMP files with the Drawings SDK until a patch is available. Avoid using the Drawings SDK to parse potentially crafted BMP files until the issue is resolved.