PT-2021-24088 · Open Design Alliance · Open Design Alliance Drawings Explorer
Khangkito
+1
·
Published
2021-12-21
·
Updated
2021-12-27
·
CVE-2021-44423
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Open Design Alliance (ODA) Drawings Explorer versions prior to 2022.12
Description:
An out-of-bounds read issue exists when reading a BMP file using Open Design Alliance (ODA) Drawings Explorer. The specific issue occurs after loading BMP files, where unchecked input data from a crafted BMP file leads to an out-of-bounds read. An attacker can leverage this issue to execute code in the context of the current process.
Recommendations:
For versions prior to 2022.12, update to a version 2022.12 or later to resolve the issue. As a temporary workaround, consider restricting the use of BMP files in Open Design Alliance (ODA) Drawings Explorer until a patch is available. Avoid using the
BMP file parsing functionality in the affected software until the issue is resolved.Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Open Design Alliance Drawings Explorer