CVE-2018-18224 — Out-of-bounds Read in Drawings SDK

CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

8.1HIGHNVD

EPSS

1.0%

top 23.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Opendesign Drawings SDK Oracle Outside IN Technology

Timeline

PublishedOct 19

Latest updateMay 13

Description

A vulnerability exists in the file reading procedure in Open Design Alliance Drawings SDK 2019Update1 on non-Windows platforms in which attackers could perform read operations past the end, or before the beginning, of the intended buffer. This can allow attackers to obtain sensitive information from process memory or cause a crash.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

▶NVDopendesign/drawings_sdk2019

▶NVDoracle/outside_in_technology8.5.3, 8.5.4+1

🔴Vulnerability Details

GHSA

GHSA-vwpw-6vc6-37gq: A vulnerability exists in the file reading procedure in Open Design Alliance Drawings SDK 2019Update1 on non-Windows platforms in which attackers coul↗2022-05-13

▶

CVEList

CVE-2018-18224: A vulnerability exists in the file reading procedure in Open Design Alliance Drawings SDK 2019Update1 on non-Windows platforms in which attackers coul↗2018-10-19

▶