PT-2023-20685 · Open Design Alliance · Open Design Alliance Drawings Sdk
Jimmy Calderon
+2
·
Published
2023-04-10
·
Updated
2023-07-10
·
CVE-2023-26495
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Open Design Alliance Drawings SDK versions prior to 2024.1
Description
An issue was discovered in the Open Design Alliance Drawings SDK where a crafted DWG file can force the SDK to reuse an object that has been freed. This can be leveraged by an attacker in conjunction with other issues to execute arbitrary code.
Recommendations
For versions prior to 2024.1, update to version 2024.1 or later to resolve the issue.
Fix
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Open Design Alliance Drawings Sdk