Skip to main content

Open Design Alliance Drawings SDK CVE-2024-8894

HIGH
Out-of-bounds Write (CWE-787)
2024-12-04 8a9629cb-c5e7-4d2a-a894-111e8039b7ea
8.1
CVSS 4.0 · Vendor: 8a9629cb-c5e7-4d2a-a894-111e8039b7ea
Share

Severity by source

Vendor (8a9629cb-c5e7-4d2a-a894-111e8039b7ea) PRIMARY
8.1 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (8a9629cb-c5e7-4d2a-a894-111e8039b7ea) · only source for this CVE.

CVSS VectorVendor: 8a9629cb-c5e7-4d2a-a894-111e8039b7ea

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
A
Scope
X

Lifecycle Timeline

1
CVE Published
Dec 04, 2024 - 12:15 cve.org
HIGH 8.1

DescriptionCVE.org

Out-of-bounds Write vulnerability was discovered in Open Design Alliance Drawings SDK before 2025.10. Reading crafted DWF file and missing proper checks on received SectionIterator data can trigger an unhandled exception. This can allow attackers to cause a crash, potentially enabling a denial-of-service attack (Crash, Exit, or Restart) or possible code execution.

AnalysisAI

Out-of-bounds Write vulnerability was discovered in Open Design Alliance Drawings SDK before 2025.10. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. Out-of-bounds Write vulnerability was discovered in Open Design Alliance Drawings SDK before 2025.10. Reading crafted DWF file and missing proper checks on received SectionIterator data can trigger an unhandled exception. This can allow attackers to cause a crash, potentially enabling a denial-of-service attack (Crash, Exit, or Restart) or possible code execution. Version information: before 2025.10..

Affected ProductsAI

Open Design Alliance Drawings SDK.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

Share

CVE-2024-8894 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy