PT-2024-39305 · Open Design Alliance · Open Design Alliance Drawings Sdk
Vladislav Berghici · Published 2024-04-12 · Updated 2025-08-14 · CVE-2024-8894
CVSS v4.0: 8.1 (High)
Vector: AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:H
Name of the Vulnerable Software and Affected Versions:
Open Design Alliance Drawings SDK versions prior to 2025.10
Description:
An out-of-bounds write issue was discovered in the Open Design Alliance Drawings SDK. The issue is triggered when a crafted DWF file is read and the received SectionIterator data is not properly checked, which can cause an unhandled exception. This may allow attackers to cause a crash, potentially enabling a denial-of-service attack or possible code execution.
Recommendations:
For versions prior to 2025.10, upgrade the affected component to a version that includes the fix for this issue. As a temporary workaround, consider restricting the handling of DWF files to minimize the risk of exploitation. Avoid using the SectionIterator data in the affected API endpoint until the issue is resolved.
Fix
Memory Corruption
Weakness Enumeration
Related Identifiers
Affected Products
Open Design Alliance Drawings Sdk