Skip to main content

Drawings Sdk CVE-2021-32936

HIGH
Out-of-bounds Write (CWE-787)
2021-06-17 ics-cert@hq.dhs.gov
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 17, 2021 - 13:15 nvd
HIGH 7.8

DescriptionNVD

An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.

AnalysisAI

An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process. Affected products include: Opendesign Drawings Sdk, Siemens Comos, Siemens Jt2Go, Siemens Teamcenter Visualization. Version information: prior to 2022.4.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

CVE-2018-18224 HIGH
8.1 Oct 19

A vulnerability exists in the file reading procedure in Open Design Alliance Drawings SDK 2019Update1 on non-Windows pla

CVE-2018-18223 HIGH
8.1 Oct 19

Open Design Alliance Drawings SDK 2019Update1 has a vulnerability during the reading of malformed files, allowing attack

CVE-2023-5180 HIGH
7.8 Dec 26

An issue was discovered in Open Design Alliance Drawings SDK before 2024.12. Rated high severity (CVSS 7.8), this vulner

CVE-2023-5179 HIGH
7.8 Nov 07

An issue was discovered in Open Design Alliance Drawings SDK before 2024.10. Rated high severity (CVSS 7.8), this vulner

CVE-2023-22670 HIGH
7.8 Apr 15

A heap-based buffer overflow exists in the DXF file reading procedure in Open Design Alliance Drawings SDK before 2023.6

CVE-2023-22669 HIGH
7.8 Apr 15

Parsing of DWG files in Open Design Alliance Drawings SDK before 2023.6 lacks proper validation of the length of user-su

CVE-2023-26495 HIGH
7.8 Apr 10

An issue was discovered in Open Design Alliance Drawings SDK before 2024.1. Rated high severity (CVSS 7.8), this vulnera

CVE-2022-28809 HIGH
7.8 Jul 17

An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. Rated high severity (CVSS 7.8), this vulnera

CVE-2022-28808 HIGH
7.8 Jul 17

An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. Rated high severity (CVSS 7.8), this vulnera

CVE-2022-28807 HIGH
7.8 Jul 17

An issue was discovered in Open Design Alliance Drawings SDK before 2023.2. Rated high severity (CVSS 7.8), this vulnera

CVE-2021-44860 HIGH
7.8 Dec 21

An out-of-bounds read vulnerability exists when reading a TIF file using Open Design Alliance Drawings SDK before 2022.1

CVE-2021-44859 HIGH
7.8 Dec 21

An out-of-bounds read vulnerability exists when reading a TGA file using Open Design Alliance Drawings SDK before 2022.1

Share

CVE-2021-32936 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy