Skip to main content

Drawings Sdk CVE-2023-5180

HIGH
Out-of-bounds Write (CWE-787)
2023-12-26 8a9629cb-c5e7-4d2a-a894-111e8039b7ea
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 26, 2023 - 09:15 nvd
HIGH 7.8

DescriptionNVD

An issue was discovered in Open Design Alliance Drawings SDK before 2024.12. A corrupted value of number of sectors used by the Fat structure in a crafted DGN file leads to an out-of-bounds write. An attacker can leverage this vulnerability to execute code in the context of the current process.

AnalysisAI

An issue was discovered in Open Design Alliance Drawings SDK before 2024.12. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. An issue was discovered in Open Design Alliance Drawings SDK before 2024.12. A corrupted value of number of sectors used by the Fat structure in a crafted DGN file leads to an out-of-bounds write. An attacker can leverage this vulnerability to execute code in the context of the current process. Affected products include: Opendesign Drawings Sdk. Version information: before 2024.12..

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

CVE-2018-18224 HIGH
8.1 Oct 19

A vulnerability exists in the file reading procedure in Open Design Alliance Drawings SDK 2019Update1 on non-Windows pla

CVE-2018-18223 HIGH
8.1 Oct 19

Open Design Alliance Drawings SDK 2019Update1 has a vulnerability during the reading of malformed files, allowing attack

CVE-2023-5179 HIGH
7.8 Nov 07

An issue was discovered in Open Design Alliance Drawings SDK before 2024.10. Rated high severity (CVSS 7.8), this vulner

CVE-2023-22670 HIGH
7.8 Apr 15

A heap-based buffer overflow exists in the DXF file reading procedure in Open Design Alliance Drawings SDK before 2023.6

CVE-2023-22669 HIGH
7.8 Apr 15

Parsing of DWG files in Open Design Alliance Drawings SDK before 2023.6 lacks proper validation of the length of user-su

CVE-2023-26495 HIGH
7.8 Apr 10

An issue was discovered in Open Design Alliance Drawings SDK before 2024.1. Rated high severity (CVSS 7.8), this vulnera

CVE-2022-28809 HIGH
7.8 Jul 17

An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. Rated high severity (CVSS 7.8), this vulnera

CVE-2022-28808 HIGH
7.8 Jul 17

An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. Rated high severity (CVSS 7.8), this vulnera

CVE-2022-28807 HIGH
7.8 Jul 17

An issue was discovered in Open Design Alliance Drawings SDK before 2023.2. Rated high severity (CVSS 7.8), this vulnera

CVE-2021-44860 HIGH
7.8 Dec 21

An out-of-bounds read vulnerability exists when reading a TIF file using Open Design Alliance Drawings SDK before 2022.1

CVE-2021-44859 HIGH
7.8 Dec 21

An out-of-bounds read vulnerability exists when reading a TGA file using Open Design Alliance Drawings SDK before 2022.1

CVE-2021-44422 HIGH
7.8 Dec 21

An Improper Input Validation Vulnerability exists when reading a BMP file using Open Design Alliance Drawings SDK before

Share

CVE-2023-5180 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy