CVE-2021-32936

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

7.8HIGH

EPSS

0.4%

top 40.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Opendesign Drawings SDK Siemens Comos Siemens Jt2go +1 more

Timeline

PublishedJun 17

Latest updateMay 24

Description

An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

▶NVDopendesign/drawings_sdk< 2022.4

▶CVEListV5drawings_sdkAll versions prior to 2022.4

▶NVDsiemens/comos< 10.4.1

▶NVDsiemens/jt2go< 13.2.0.1

▶NVDsiemens/teamcenter_visualization< 13.2.0.1

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

GHSA

GHSA-qpw7-9frf-qxmc: An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022↗2022-05-24

▶

CVEList

CVE-2021-32936: An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022↗2021-06-17

▶