PT-2025-52653 · Open Design Alliance · Drawings SDK
Published: 2025-12-22 · Updated: 2025-12-22 · CVE-2025-10021
CVSS v4.0: 7.0 (High)
Vector: AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/AU:Y/R:U/V:D/RE:L/U:Amber
Name of the Vulnerable Software and Affected Versions
Open Design Alliance Drawings SDK versions prior to 2026.12
Description
A Use of Uninitialized Variable issue exists in the software. The static object COdaMfcAppApp theApp may access OdString::kEmpty before OdString::kEmpty has been initialized. The cause is the undefined initialization order of static objects across translation units, known as the Static Initialization Order Fiasco. This can lead to an application crash on startup, resulting in a denial of service. While memory corruption and arbitrary code execution cannot be ruled out, they are specific to certain exploitation scenarios.
Recommendations
Update to version 2026.12 or later.
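The initialization-order problem from the description, reduced to one file as an added example (not Open Design Alliance code and not the vendor's fix; Str, App, kEmptyBad and kEmptyGood are hypothetical stand-ins). Within a single file construction follows definition order, which makes the failing order deterministic here, and a function-local static, one common remedy for this bug class, is shown beside it.

```cpp
// Added illustration; Str, App, kEmptyBad and kEmptyGood are hypothetical
// stand-ins, not Open Design Alliance SDK code.
#include <cstdio>
#include <string>

// Plain bools are constant-initialized, so they are valid before any
// constructor runs and can record when each Str was really constructed.
bool g_badReady = false;
bool g_goodReady = false;

struct Str {
    std::string value;
    Str(const char* s, bool& ready) : value(s) { ready = true; }
};

// Construct-on-first-use: a function-local static is built the first time
// the function is called, so callers never see it unconstructed.
const Str& kEmptyGood() {
    static const Str s("", g_goodReady);
    return s;
}

struct App {
    bool badWasReady;   // was the namespace-scope string constructed yet?
    bool goodWasReady;  // was the accessor-backed string usable?
    App()
        : badWasReady(g_badReady),  // stands in for touching kEmptyBad here
          goodWasReady(kEmptyGood().value.empty() && g_goodReady) {}
};

// Same file, so objects are constructed in definition order: theApp first.
// In separate translation units the relative order is unspecified.
App theApp;
Str kEmptyBad("", g_badReady);

int main() {
    std::printf("namespace-scope string ready in App(): %d\n", theApp.badWasReady);
    std::printf("accessor-backed string ready in App(): %d\n", theApp.goodWasReady);
    return theApp.badWasReady ? 1 : 0;
}
```

The App constructor only records the readiness flag instead of reading kEmptyBad, so the example itself stays free of undefined behaviour while still showing that the object did not exist yet.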
Fix
DoS
Affected Products
Drawings SDK