CVE-2023-5180 — Out-of-bounds Write in Design Alliance ODA Drawings SDK ALL Versions 2024.12

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 84.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Open Design Alliance ODA Drawings SDK ALL Versions 2024.12 Opendesign Drawings SDK

Timeline

PublishedDec 26

Description

An issue was discovered in Open Design Alliance Drawings SDK before 2024.12. A corrupted value of number of sectors used by the Fat structure in a crafted DGN file leads to an out-of-bounds write. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5open_design_alliance/oda_drawings_sdk_all_versions_2024.12< 2024.12

▶NVDopendesign/drawings_sdk< 2024.12

🔴Vulnerability Details

CVEList

Out-of-bounds Write vulnerability exists in ODA Drawings SDK before 2024.12↗2023-12-26

▶

GHSA

GHSA-qmw9-j9cf-fc9w: An issue was discovered in Open Design Alliance Drawings SDK before 2024↗2023-12-26

▶