CVE-2023-5179 — Out-of-bounds Read in Design Alliance ODA Drawings SDK ALL Versions 2024.10

CWE-125 — Out-of-bounds Read2 documents2 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 74.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Open Design Alliance ODA Drawings SDK ALL Versions 2024.10 Opendesign Drawings SDK

Timeline

PublishedNov 7

Description

An issue was discovered in Open Design Alliance Drawings SDK before 2024.10. A corrupted value for the start of MiniFat sector in a crafted DGN file leads to an out-of-bounds read. This can allow attackers to cause a crash, potentially enabling a denial-of-service attack (Crash, Exit, or Restart) or possible code execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5open_design_alliance/oda_drawings_sdk_all_versions_2024.10< 2024.10

▶NVDopendesign/drawings_sdk< 2024.10

🔴Vulnerability Details

CVEList

CVE-2023-5179: An issue was discovered in Open Design Alliance Drawings SDK before 2024↗2023-11-07

▶