PT-2022-3904 · Open Design Alliance · Open Design Alliance Drawings SDK

Yonghui Han · Published 2022-04-08 · Updated 2022-07-25 · CVE-2022-28808

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Open Design Alliance Drawings SDK versions prior to 2023.3

Description: An issue exists in the recovery mode of the Drawings SDK when reading DWG files, allowing for an Out-of-Bounds Read. This can be leveraged by an attacker to execute code in the context of the current process. The vulnerability is related to a buffer overflow in memory when processing DWG files, which can lead to arbitrary code execution or denial of service.

Recommendations: For versions prior to 2023.3, update to version 2023.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the recovery mode when reading DWG files to minimize the risk of exploitation. Avoid using the Drawings SDK to process untrusted DWG files until the issue is resolved.

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

BDU:2022-04716
CVE-2022-28808

Affected Products

Open Design Alliance Drawings SDK