CVE-2022-28807

Name of the Vulnerable Software and Affected Versions Open Design Alliance Drawings SDK versions prior to 2023.2

Description An issue exists when rendering a .dwg file after it's opened in the recovery mode, allowing an Out-of-Bounds Read. This can be leveraged by an attacker to execute code in the context of the current process.

Recommendations For versions prior to 2023.2, update to version 2023.2 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the recovery mode when opening .dwg files until a patch is available. Restrict access to .dwg files to minimize the risk of exploitation.