PT-2021-24164 · Open Design Alliance · Open Design Alliance Drawings Sdk
Mat Powell
·
Published
2021-12-21
·
Updated
2021-12-27
·
CVE-2021-44860
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Open Design Alliance Drawings SDK versions prior to 2022.12
Description:
An out-of-bounds read issue exists when reading a TIF file using the affected software. The specific issue occurs after loading TIF files, where unchecked input data from a crafted TIF file leads to an out-of-bounds read. An attacker can leverage this issue to execute code in the context of the current process.
Recommendations:
For versions prior to 2022.12, update to a version 2022.12 or later to resolve the issue. As a temporary workaround, consider restricting the loading of TIF files until a patch is available. Avoid using the affected software to load crafted TIF files until the issue is resolved.
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Open Design Alliance Drawings Sdk