CVE-2023-22670

Name of the Vulnerable Software and Affected Versions Open Design Alliance Drawings SDK versions prior to 2023.6

Description The issue is related to a heap-based buffer overflow in the DXF file reading procedure. This occurs due to the lack of proper validation of the length of user-supplied XRecord data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. The vulnerability can be exploited using specially crafted DXF files.

Recommendations For Open Design Alliance Drawings SDK versions prior to 2023.6, update to version 2023.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of DXF files from untrusted sources until the update is applied. Avoid using the XRecord data in the affected DXF file parsing procedure until the issue is resolved.