CVE-2023-22669

Name of the Vulnerable Software and Affected Versions Open Design Alliance Drawings SDK versions prior to 2023.6

Description The issue is related to a heap-based buffer overflow in the parsing of DWG files. This occurs due to a lack of proper validation of the length of user-supplied XRecord data before it is copied to a fixed-length heap-based buffer. An attacker can exploit this to execute code in the context of the current process.

Recommendations For versions prior to 2023.6, update to version 2023.6 or later to resolve the issue. As a temporary workaround, consider restricting the parsing of DWG files from untrusted sources until a patch is applied. Avoid using the XRecord data in the affected parsing functionality until the issue is resolved.