Skip to main content

Drawings Sdk CVE-2021-43582

HIGH
Use After Free (CWE-416)
2021-11-22 cve@mitre.org
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 22, 2021 - 09:15 nvd
HIGH 7.8

DescriptionNVD

A Use-After-Free Remote Vulnerability exists when reading a DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.

AnalysisAI

A Use-After-Free Remote Vulnerability exists when reading a DWG file using Open Design Alliance Drawings SDK before 2022.11. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Use After Free (CWE-416), which allows attackers to access freed memory to execute arbitrary code or crash the application. A Use-After-Free Remote Vulnerability exists when reading a DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Affected products include: Opendesign Drawings Sdk. Version information: before 2022.11..

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use smart pointers or garbage-collected languages. Set pointers to NULL after freeing. Enable memory sanitizers.

CVE-2018-18224 HIGH
8.1 Oct 19

A vulnerability exists in the file reading procedure in Open Design Alliance Drawings SDK 2019Update1 on non-Windows pla

CVE-2018-18223 HIGH
8.1 Oct 19

Open Design Alliance Drawings SDK 2019Update1 has a vulnerability during the reading of malformed files, allowing attack

CVE-2023-5180 HIGH
7.8 Dec 26

An issue was discovered in Open Design Alliance Drawings SDK before 2024.12. Rated high severity (CVSS 7.8), this vulner

CVE-2023-5179 HIGH
7.8 Nov 07

An issue was discovered in Open Design Alliance Drawings SDK before 2024.10. Rated high severity (CVSS 7.8), this vulner

CVE-2023-22670 HIGH
7.8 Apr 15

A heap-based buffer overflow exists in the DXF file reading procedure in Open Design Alliance Drawings SDK before 2023.6

CVE-2023-22669 HIGH
7.8 Apr 15

Parsing of DWG files in Open Design Alliance Drawings SDK before 2023.6 lacks proper validation of the length of user-su

CVE-2023-26495 HIGH
7.8 Apr 10

An issue was discovered in Open Design Alliance Drawings SDK before 2024.1. Rated high severity (CVSS 7.8), this vulnera

CVE-2022-28809 HIGH
7.8 Jul 17

An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. Rated high severity (CVSS 7.8), this vulnera

CVE-2022-28808 HIGH
7.8 Jul 17

An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. Rated high severity (CVSS 7.8), this vulnera

CVE-2022-28807 HIGH
7.8 Jul 17

An issue was discovered in Open Design Alliance Drawings SDK before 2023.2. Rated high severity (CVSS 7.8), this vulnera

CVE-2021-44860 HIGH
7.8 Dec 21

An out-of-bounds read vulnerability exists when reading a TIF file using Open Design Alliance Drawings SDK before 2022.1

CVE-2021-44859 HIGH
7.8 Dec 21

An out-of-bounds read vulnerability exists when reading a TGA file using Open Design Alliance Drawings SDK before 2022.1

Share

CVE-2021-43582 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy