opendesign 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk memory corruption、バッファオーバーフロー, and vendor risk input validation があり、vendor surface production workloads and vendor surface software deployment の利用場面で vendor impact memory corruption、アプリケーションクラッシュ, and vendor impact unexpected behavior などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2023-5180 | An issue was discovered in Open Design Alliance Drawings SDK before 2024.12. A corrupted value of number of sectors used by the Fat structure in a crafted DGN file leads to an out-of-bounds write. An attacker can leverage this vulnerability to execute code in the context of the current process. | 8a9629cb-c5e7-4d2a-a894-111e8039b7ea | 7.8 | 0.04% | 2023-12-26 | 2024-11-21 |
| CVE-2023-5179 | An issue was discovered in Open Design Alliance Drawings SDK before 2024.10. A corrupted value for the start of MiniFat sector in a crafted DGN file leads to an out-of-bounds read. This can allow attackers to cause a crash, potentially enabling a denial-of-service attack (Crash, Exit, or Restart) or possible code execution. | 8a9629cb-c5e7-4d2a-a894-111e8039b7ea | 7.8 | 0.06% | 2023-11-07 | 2024-11-21 |
| CVE-2023-22670 | A heap-based buffer overflow exists in the DXF file reading procedure in Open Design Alliance Drawings SDK before 2023.6. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of the length of user-supplied XRecord data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | [email protected] | 7.8 | 0.06% | 2023-04-15 | 2025-05-05 |
| CVE-2023-22669 | Parsing of DWG files in Open Design Alliance Drawings SDK before 2023.6 lacks proper validation of the length of user-supplied XRecord data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | [email protected] | 7.8 | 0.07% | 2023-04-15 | 2025-05-05 |
| CVE-2023-26495 | An issue was discovered in Open Design Alliance Drawings SDK before 2024.1. A crafted DWG file can force the SDK to reuse an object that has been freed. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code. | [email protected] | 7.8 | 0.06% | 2023-04-10 | 2025-02-11 |
| CVE-2022-28809 | An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. An Out-of-Bounds Read vulnerability exists when reading a DWG file with an invalid vertex number in a recovery mode. An attacker can leverage this vulnerability to execute code in the context of the current process. | [email protected] | 7.8 | 0.11% | 2022-07-17 | 2024-11-21 |
| CVE-2022-28808 | An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. An Out-of-Bounds Read vulnerability exists when reading DWG files in a recovery mode. An attacker can leverage this vulnerability to execute code in the context of the current process. | [email protected] | 7.8 | 0.06% | 2022-07-17 | 2024-11-21 |
| CVE-2022-28807 | An issue was discovered in Open Design Alliance Drawings SDK before 2023.2. An Out-of-Bounds Read vulnerability exists when rendering a .dwg file after it's opened in the recovery mode. An attacker can leverage this vulnerability to execute code in the context of the current process. | [email protected] | 7.8 | 0.06% | 2022-07-17 | 2024-11-21 |
| CVE-2022-23095 | Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files. Unchecked input data from a crafted JPG file leads to memory corruption. An attacker can leverage this vulnerability to execute code in the context of the current process. | [email protected] | 7.8 | 1.10% | 2022-01-15 | 2025-05-05 |
| CVE-2021-44860 | An out-of-bounds read vulnerability exists when reading a TIF file using Open Design Alliance Drawings SDK before 2022.12. The specific issue exists after loading TIF files. An unchecked input data from a crafted TIF file leads to an out-of-bounds read. An attacker can leverage this vulnerability to execute code in the context of the current process. | [email protected] | 7.8 | 0.44% | 2021-12-21 | 2024-11-21 |
| CVE-2021-44859 | An out-of-bounds read vulnerability exists when reading a TGA file using Open Design Alliance Drawings SDK before 2022.12. The specific issue exists after loading TGA files. An unchecked input data from a crafted TGA file leads to an out-of-bounds read. An attacker can leverage this vulnerability to execute code in the context of the current process. | [email protected] | 7.8 | 0.44% | 2021-12-21 | 2024-11-21 |
| CVE-2021-44423 | An out-of-bounds read vulnerability exists when reading a BMP file using Open Design Alliance (ODA) Drawings Explorer before 2022.12. The specific issue exists after loading BMP files. Unchecked input data from a crafted BMP file leads to an out-of-bounds read. An attacker can leverage this vulnerability to execute code in the context of the current process. | [email protected] | 7.8 | 0.41% | 2021-12-21 | 2024-11-21 |
| CVE-2021-44422 | An Improper Input Validation Vulnerability exists when reading a BMP file using Open Design Alliance Drawings SDK before 2022.12. Crafted data in a BMP file can trigger a write operation past the end of an allocated buffer, or lead to a heap-based buffer overflow. An attacker can leverage this vulnerability to execute code in the context of the current process. | [email protected] | 7.8 | 0.75% | 2021-12-21 | 2024-11-21 |
| CVE-2021-44048 | An out-of-bounds write vulnerability exists when reading a TIF file using Open Design Alliance (ODA) Drawings Explorer before 2022.11. The specific issue exists after loading TIF files. Crafted data in a TIF file can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | [email protected] | 7.8 | 0.33% | 2021-12-05 | 2024-11-21 |
| CVE-2021-44047 | A use-after-free vulnerability exists when reading a DWF/DWFX file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing DWF/DWFX files. Crafted data in a DWF/DWFX file and lack of proper validation of input data can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | [email protected] | 7.8 | 0.42% | 2021-12-05 | 2024-11-21 |
| CVE-2021-44046 | An out-of-bounds write vulnerability exists when reading U3D files in Open Design Alliance PRC SDK before 2022.11. An unchecked return value of a function (verifying input data from a U3D file) leads to an out-of-bounds write. An attacker can leverage this vulnerability to execute code in the context of the current process. | [email protected] | 7.8 | 0.28% | 2021-12-05 | 2024-11-21 |
| CVE-2021-44045 | An out-of-bounds write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation for the XFAT sectors count can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | [email protected] | 7.8 | 0.34% | 2021-12-05 | 2024-11-21 |
| CVE-2021-44044 | An out-of-bounds write vulnerability exists when reading a JPG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing JPG files. Crafted data in a JPG (4 extraneous bytes before the marker 0xca) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | [email protected] | 7.8 | 0.37% | 2021-12-05 | 2024-11-21 |
| CVE-2021-43582 | A Use-After-Free Remote Vulnerability exists when reading a DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. | [email protected] | 7.8 | 0.53% | 2021-11-22 | 2024-11-21 |
| CVE-2021-43581 | An Out-of-Bounds Read vulnerability exists when reading a U3D file using Open Design Alliance PRC SDK before 2022.11. The specific issue exists within the parsing of U3D files. Incorrect use of the LibJpeg source manager inside the U3D library, and crafted data in a U3D file, can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | [email protected] | 8.8 | 0.51% | 2021-11-22 | 2024-11-21 |