CVE-2022-28809

Name of the Vulnerable Software and Affected Versions Open Design Alliance Drawings SDK versions prior to 2023.3

Description An issue exists when reading a DWG file with an invalid vertex number in recovery mode, leading to an Out-of-Bounds Read. This can allow an attacker to execute code in the context of the current process or cause a denial of service.

Recommendations For versions prior to 2023.3, update to version 2023.3 or later to resolve the issue. As a temporary workaround, consider restricting the processing of DWG files with invalid vertex numbers in recovery mode until a patch is available.