Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Drawings_software_development_kit
(Opendesign)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 13 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2021-11-14 | CVE-2021-43390 | An Out-of-Bounds Write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation of input data can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | Drawings_software_development_kit | 7.8 | ||
2021-11-14 | CVE-2021-43391 | An Out-of-Bounds Read vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid dash counter in line types) can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | Drawings_software_development_kit | 7.8 | ||
2022-01-15 | CVE-2022-23095 | Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files. Unchecked input data from a crafted JPG file leads to memory corruption. An attacker can leverage this vulnerability to execute code in the context of the current process. | Drawings_software_development_kit | 7.8 |