Drawings Sdk
CVE-2021-32936
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.
AnalysisAI
An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process. Affected products include: Opendesign Drawings Sdk, Siemens Comos, Siemens Jt2Go, Siemens Teamcenter Visualization. Version information: prior to 2022.4.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).
More in Drawings Sdk
View allA vulnerability exists in the file reading procedure in Open Design Alliance Drawings SDK 2019Update1 on non-Windows pla
Open Design Alliance Drawings SDK 2019Update1 has a vulnerability during the reading of malformed files, allowing attack
An issue was discovered in Open Design Alliance Drawings SDK before 2024.12. Rated high severity (CVSS 7.8), this vulner
An issue was discovered in Open Design Alliance Drawings SDK before 2024.10. Rated high severity (CVSS 7.8), this vulner
A heap-based buffer overflow exists in the DXF file reading procedure in Open Design Alliance Drawings SDK before 2023.6
Parsing of DWG files in Open Design Alliance Drawings SDK before 2023.6 lacks proper validation of the length of user-su
An issue was discovered in Open Design Alliance Drawings SDK before 2024.1. Rated high severity (CVSS 7.8), this vulnera
An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. Rated high severity (CVSS 7.8), this vulnera
An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. Rated high severity (CVSS 7.8), this vulnera
An issue was discovered in Open Design Alliance Drawings SDK before 2023.2. Rated high severity (CVSS 7.8), this vulnera
An out-of-bounds read vulnerability exists when reading a TIF file using Open Design Alliance Drawings SDK before 2022.1
An out-of-bounds read vulnerability exists when reading a TGA file using Open Design Alliance Drawings SDK before 2022.1
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today