CVE-2021-43273 — Out-of-bounds Read in Drawings SDK

CWE-125 — Out-of-bounds Read3 documents3 sources
Severity
3.3LOWNVD
EPSS
0.3%
top 48.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Opendesign Drawings SDK
Timeline
PublishedNov 14
Latest updateMay 24

Description

An Out-of-bounds Read vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.11. Crafted data in a DGN file and lack of verification of input data can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages1 packages

â–¶NVDopendesign/drawings_sdk< 2022.11

🔴Vulnerability Details

2
GHSA
GHSA-8h79-9mcx-wqxg: An Out-of-bounds Read vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022↗2022-05-24
â–¶
CVEList
CVE-2021-43273: An Out-of-bounds Read vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022↗2021-11-14
â–¶
CVE-2021-43273 — Out-of-bounds Read in Drawings SDK | cvebase