Drawings Software Development Kit

drawings_software_development_kit

Vendor: Opendesign • 13 CVEs

CVEs (13)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-23095 1Opendesign 1Drawings Software Development Kit May 5, 2025 Jan 15, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files. Unchecked input data from a crafted JPG file leads to memory corruption. An attacker can leverage this vulnerability to execute code...Show more Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files. Unchecked input data from a crafted JPG file leads to memory corruption. An attacker can leverage this vulnerability to execute code in the context of the current process.Show less
CVE-2021-43391 1Opendesign 1Drawings Software Development Kit Nov 21, 2024 Nov 14, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 An Out-of-Bounds Read vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid...Show more An Out-of-Bounds Read vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid dash counter in line types) can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.Show less
CVE-2021-43390 1Opendesign 1Drawings Software Development Kit Nov 21, 2024 Nov 14, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 An Out-of-Bounds Write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack o...Show more An Out-of-Bounds Write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation of input data can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.Show less
CVE-2021-43336 2Opendesign Siemens 4Drawings Software Development Kit Jt2goSolid Edge+1 more Nov 21, 2024 Nov 14, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 An Out-of-Bounds Write vulnerability exists when reading a DXF or DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF and DWG files. Crafted data in a DXF...Show more An Out-of-Bounds Write vulnerability exists when reading a DXF or DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF and DWG files. Crafted data in a DXF or DWG file (an invalid number of properties) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.Show less
CVE-2021-43280 1Opendesign 1Drawings Software Development Kit Nov 21, 2024 Nov 14, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A stack-based buffer overflow vulnerability exists in the DWF file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of proper validation of the length of user-supplied...Show more A stack-based buffer overflow vulnerability exists in the DWF file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of proper validation of the length of user-supplied data before copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.Show less
CVE-2021-43275 1Opendesign 1Drawings Software Development Kit Nov 21, 2024 Nov 14, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A Use After Free vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of validating the existence of an object prior to performing ope...Show more A Use After Free vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.Show less
CVE-2021-43274 1Opendesign 1Drawings Software Development Kit Nov 21, 2024 Nov 14, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A Use After Free Vulnerability exists in the Open Design Alliance Drawings SDK before 2022.11. The specific flaw exists within the parsing of DWF files. The issue results from the lack of validating the existence of an o...Show more A Use After Free Vulnerability exists in the Open Design Alliance Drawings SDK before 2022.11. The specific flaw exists within the parsing of DWF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.Show less
CVE-2021-25178 2Opendesign Siemens 4Comos Drawings Software Development KitJt2go+1 more Nov 21, 2024 Jan 18, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A stack-based buffer overflow vulnerability exists when the recover operation is run with malformed .DXF and .DWG files. This can allow attacke...Show more An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A stack-based buffer overflow vulnerability exists when the recover operation is run with malformed .DXF and .DWG files. This can allow attackers to cause a crash potentially enabling a denial of service attack (Crash, Exit, or Restart) or possible code execution.Show less
CVE-2021-25177 2Opendesign Siemens 4Comos Drawings Software Development KitJt2go+1 more Nov 21, 2024 Jan 18, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Confusion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a d...Show more An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Confusion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart).Show less
CVE-2021-25176 2Opendesign Siemens 4Comos Drawings Software Development KitJt2go+1 more Nov 21, 2024 Jan 18, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling...Show more An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart).Show less
CVE-2021-25175 2Opendesign Siemens 4Comos Drawings Software Development KitJt2go+1 more Nov 21, 2024 Jan 18, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Conversion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a...Show more An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Conversion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart).Show less
CVE-2021-25174 2Opendesign Siemens 4Comos Drawings Software Development KitJt2go+1 more Nov 21, 2024 Jan 18, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potentially enabling denial...Show more An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potentially enabling denial of service (Crash, Exit, or Restart).Show less
CVE-2021-25173 2Opendesign Siemens 4Comos Drawings Software Development KitJt2go+1 more Nov 21, 2024 Jan 18, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to cause a crash, potenti...Show more An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to cause a crash, potentially enabling denial of service (crash, exit, or restart).Show less