An Out-of-bounds Read vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.11. Crafted data in a DGN file and lack of verification of input data can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
References
Link | Resource |
---|---|
https://www.opendesign.com/security-advisories | Vendor Advisory |
https://www.zerodayinitiative.com/advisories/ZDI-21-1291/ | Third Party Advisory VDB Entry |
https://www.zerodayinitiative.com/advisories/ZDI-21-1281/ | Third Party Advisory VDB Entry |
https://www.zerodayinitiative.com/advisories/ZDI-21-1357/ | Third Party Advisory VDB Entry |
https://www.zerodayinitiative.com/advisories/ZDI-21-1351/ | Third Party Advisory VDB Entry |
Configurations
Information
Published : 2021-11-14 13:15
Updated : 2021-11-30 12:23
NVD link : CVE-2021-43273
Mitre link : CVE-2021-43273
JSON object : View
CWE
CWE-125
Out-of-bounds Read
Products Affected
opendesign
- drawings_sdk