CVE-2021-25175

Name of the Vulnerable Software and Affected Versions Open Design Alliance Drawings SDK versions prior to 2021.11

Description A Type Conversion issue and a NULL pointer dereference exist when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack. The issue can be exploited by rendering malformed files, leading to a crash or potentially allowing remote code execution.

Recommendations For versions prior to 2021.11, update to a version 2021.11 or later to resolve the issue. As a temporary workaround, consider restricting the rendering of .DXF and .DWG files from untrusted sources to minimize the risk of exploitation. Avoid using the Drawings SDK to render malformed files until the issue is resolved.