Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Drawings_software_development_kit
(Opendesign)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 13 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-01-15 | CVE-2022-23095 | Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files. Unchecked input data from a crafted JPG file leads to memory corruption. An attacker can leverage this vulnerability to execute code in the context of the current process. | Drawings_software_development_kit | 7.8 | ||
| 2021-11-14 | CVE-2021-43336 | An Out-of-Bounds Write vulnerability exists when reading a DXF or DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF and DWG files. Crafted data in a DXF or DWG file (an invalid number of properties) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | Drawings_software_development_kit, Jt2go, Solid_edge, Teamcenter_visualization | 7.8 | ||
| 2021-11-14 | CVE-2021-43391 | An Out-of-Bounds Read vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid dash counter in line types) can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | Drawings_software_development_kit | 7.8 | ||
| 2021-01-18 | CVE-2021-25173 | An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to cause a crash, potentially enabling denial of service (crash, exit, or restart). | Drawings_software_development_kit, Comos, Jt2go, Teamcenter_visualization | 7.8 | ||
| 2021-01-18 | CVE-2021-25174 | An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potentially enabling denial of service (Crash, Exit, or Restart). | Drawings_software_development_kit, Comos, Jt2go, Teamcenter_visualization | 7.8 | ||
| 2021-01-18 | CVE-2021-25175 | An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Conversion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). | Drawings_software_development_kit, Comos, Jt2go, Teamcenter_visualization | 7.8 | ||
| 2021-01-18 | CVE-2021-25176 | An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). | Drawings_software_development_kit, Comos, Jt2go, Teamcenter_visualization | 7.8 | ||
| 2021-01-18 | CVE-2021-25177 | An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Confusion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). | Drawings_software_development_kit, Comos, Jt2go, Teamcenter_visualization | 7.8 | ||
| 2021-01-18 | CVE-2021-25178 | An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A stack-based buffer overflow vulnerability exists when the recover operation is run with malformed .DXF and .DWG files. This can allow attackers to cause a crash potentially enabling a denial of service attack (Crash, Exit, or Restart) or possible code execution. | Drawings_software_development_kit, Comos, Jt2go, Teamcenter_visualization | 7.8 | ||
| 2021-11-14 | CVE-2021-43280 | A stack-based buffer overflow vulnerability exists in the DWF file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of proper validation of the length of user-supplied data before copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | Drawings_software_development_kit | 7.8 |