← Back

CVE-2021-43336

nvd nist
Published: Nov 14, 2021Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

An Out-of-Bounds Write vulnerability exists when reading a DXF or DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF and DWG files. Crafted data in a DXF or DWG file (an invalid number of properties) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

Affected (6)

Opendesign
1 product
Drawings Software Development Kit
Siemens
3 products
Jt2go
Solid Edge
Teamcenter Visualization
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Drawings Software Development Kit
Before 2022.11
Configuration B
5 vulnerable
Vulnerable SoftwareAffected Versions
Jt2go
All versions
Solid Edge
Version se2022
Siemens
Teamcenter Visualization
From 12.4.0 to 12.4.0.13
Teamcenter Visualization
From 13.2.0 to 13.3.0.1
Teamcenter Visualization
Version 13.1.0

Related CWEs

CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (8)

Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry

Timeline

No history available yet.