Opendesign Drawings Sdk vulnerabilities

CVE-2023-5180 [HIGH] CWE-787 CVE-2023-5180: An issue was discovered in Open Design Alliance Drawings SDK before 2024.12. A corrupted value of nu An issue was discovered in Open Design Alliance Drawings SDK before 2024.12. A corrupted value of number of sectors used by the Fat structure in a crafted DGN file leads to an out-of-bounds write. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2023-5179 [HIGH] CWE-125 CVE-2023-5179: An issue was discovered in Open Design Alliance Drawings SDK before 2024.10. A corrupted value for t An issue was discovered in Open Design Alliance Drawings SDK before 2024.10. A corrupted value for the start of MiniFat sector in a crafted DGN file leads to an out-of-bounds read. This can allow attackers to cause a crash, potentially enabling a denial-of-service attack (Crash, Exit, or Restart) or possible code execution.

CVE-2023-22670 [HIGH] CWE-787 CVE-2023-22670: A heap-based buffer overflow exists in the DXF file reading procedure in Open Design Alliance Drawin A heap-based buffer overflow exists in the DXF file reading procedure in Open Design Alliance Drawings SDK before 2023.6. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of the length of user-supplied XRecord data prior to copying it to a fixed-length heap-based buffer. An attacker can lev

CVE-2023-22669 [HIGH] CWE-787 CVE-2023-22669: Parsing of DWG files in Open Design Alliance Drawings SDK before 2023.6 lacks proper validation of t Parsing of DWG files in Open Design Alliance Drawings SDK before 2023.6 lacks proper validation of the length of user-supplied XRecord data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2023-26495 [HIGH] CWE-416 CVE-2023-26495: An issue was discovered in Open Design Alliance Drawings SDK before 2024.1. A crafted DWG file can f An issue was discovered in Open Design Alliance Drawings SDK before 2024.1. A crafted DWG file can force the SDK to reuse an object that has been freed. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code.

CVE-2022-28808 [HIGH] CWE-125 CVE-2022-28808: An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. An Out-of-Bounds Read vu An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. An Out-of-Bounds Read vulnerability exists when reading DWG files in a recovery mode. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2022-28807 [HIGH] CWE-125 CVE-2022-28807: An issue was discovered in Open Design Alliance Drawings SDK before 2023.2. An Out-of-Bounds Read vu An issue was discovered in Open Design Alliance Drawings SDK before 2023.2. An Out-of-Bounds Read vulnerability exists when rendering a .dwg file after it's opened in the recovery mode. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2022-28809 [HIGH] CWE-306 CVE-2022-28809: An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. An Out-of-Bounds Read vu An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. An Out-of-Bounds Read vulnerability exists when reading a DWG file with an invalid vertex number in a recovery mode. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2021-44859 [HIGH] CWE-125 CVE-2021-44859: An out-of-bounds read vulnerability exists when reading a TGA file using Open Design Alliance Drawin An out-of-bounds read vulnerability exists when reading a TGA file using Open Design Alliance Drawings SDK before 2022.12. The specific issue exists after loading TGA files. An unchecked input data from a crafted TGA file leads to an out-of-bounds read. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2021-44860 [HIGH] CWE-125 CVE-2021-44860: An out-of-bounds read vulnerability exists when reading a TIF file using Open Design Alliance Drawin An out-of-bounds read vulnerability exists when reading a TIF file using Open Design Alliance Drawings SDK before 2022.12. The specific issue exists after loading TIF files. An unchecked input data from a crafted TIF file leads to an out-of-bounds read. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2021-44422 [HIGH] CWE-20 CVE-2021-44422: An Improper Input Validation Vulnerability exists when reading a BMP file using Open Design Alliance An Improper Input Validation Vulnerability exists when reading a BMP file using Open Design Alliance Drawings SDK before 2022.12. Crafted data in a BMP file can trigger a write operation past the end of an allocated buffer, or lead to a heap-based buffer overflow. An attacker can leverage this vulnerability to execute code in the context of the current

CVE-2021-44044 [HIGH] CWE-787 CVE-2021-44044: An out-of-bounds write vulnerability exists when reading a JPG file using Open Design Alliance Drawi An out-of-bounds write vulnerability exists when reading a JPG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing JPG files. Crafted data in a JPG (4 extraneous bytes before the marker 0xca) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to

CVE-2021-44047 [HIGH] CWE-416 CVE-2021-44047: A use-after-free vulnerability exists when reading a DWF/DWFX file using Open Design Alliance Drawin A use-after-free vulnerability exists when reading a DWF/DWFX file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing DWF/DWFX files. Crafted data in a DWF/DWFX file and lack of proper validation of input data can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vu

CVE-2021-44045 [HIGH] CWE-787 CVE-2021-44045: An out-of-bounds write vulnerability exists when reading a DGN file using Open Design Alliance Drawi An out-of-bounds write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation for the XFAT sectors count can trigger a write operation past the end of an allocated buffer. An attacker can lev

CVE-2021-43582 [HIGH] CWE-416 CVE-2021-43582: A Use-After-Free Remote Vulnerability exists when reading a DWG file using Open Design Alliance Draw A Use-After-Free Remote Vulnerability exists when reading a DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to exe

CVE-2021-43273 [LOW] CWE-125 CVE-2021-43273: An Out-of-bounds Read vulnerability exists in the DGN file reading procedure in Open Design Alliance An Out-of-bounds Read vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.11. Crafted data in a DGN file and lack of verification of input data can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2021-32936 [HIGH] CWE-787 CVE-2021-32936: An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All ve An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the c

CVE-2021-32948 [HIGH] CWE-787 CVE-2021-32948: An out-of-bounds write issue exists in the DWG file-reading procedure in the Drawings SDK (All versi An out-of-bounds write issue exists in the DWG file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the curr

CVE-2021-32944 [HIGH] CWE-416 CVE-2021-32944: A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions pr A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a memory corruption or arbitrary code execution, allowing attackers to cause a denial-of-service condition or execute code in the context of the curren

CVE-2021-32938 [HIGH] CWE-125 CVE-2021-32938: Drawings SDK (All versions prior to 2022.4) are vulnerable to an out-of-bounds read due to parsing o Drawings SDK (All versions prior to 2022.4) are vulnerable to an out-of-bounds read due to parsing of DWG files resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of service condition or read sensitive information from memory.