CVE-2022-23095

Name of the Vulnerable Software and Affected Versions Open Design Alliance Drawings SDK versions prior to 2022.12.1

Description The issue is related to a buffer overflow in the Drawings SDK, which can be exploited by an attacker using a specially crafted file, potentially leading to the execution of arbitrary code. Specifically, the vulnerability is caused by the mishandling of JPG file loading, resulting in memory corruption when processing unchecked input data from a crafted JPG file. This allows an attacker to execute code in the context of the current process.

Recommendations For versions prior to 2022.12.1, update to version 2022.12.1 or later to resolve the issue. As a temporary workaround, consider restricting the loading of JPG files in the Drawings SDK until a patch is applied. Avoid using the Drawings SDK to load untrusted JPG files until the issue is resolved.