CVE-2021-32950
Description
An out-of-bounds read issue exists within the parsing of DXF files in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of-service condition or read sensitive information from memory locations.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An out-of-bounds read in the DXF parsing of Open Design Alliance Drawings SDK before 2022.4 can lead to denial of service or information disclosure.
Vulnerability
An out-of-bounds read vulnerability exists in the DXF file parsing component of the Open Design Alliance Drawings SDK, affecting all versions prior to 2022.4 [1]. The issue stems from a lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer [2].
Exploitation
An attacker can exploit this vulnerability by convincing a user to open a specially crafted DXF file, either by visiting a malicious webpage or opening a malicious file attachment [2]. No authentication is required, but user interaction is necessary. The attack complexity is low [1].
Impact
Successful exploitation allows an attacker to cause a denial-of-service condition or read sensitive information from memory [1]. The CVSS v3 base score for this specific out-of-bounds read is 4.4 (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L) according to CISA [1], while the ZDI advisory lists a CVSS score of 3.3 under a similar vector string [2]. The attacker may also leverage this vulnerability in conjunction with others to achieve arbitrary code execution in the context of the current process [2].
Mitigation
Open Design Alliance has released Drawings SDK version 2022.4, which contains fixes for this vulnerability [1]. Users are advised to upgrade to version 2022.4 or later. No known workarounds have been provided [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Drawings SDK/Drawings SDK
- Range: <2022.4
Patches
No patches discovered yet.
References
- cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf (mitre, x_refsource_CONFIRM)
- cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf (mitre, x_refsource_CONFIRM)
- us-cert.cisa.gov/ics/advisories/icsa-21-159-02 (mitre, x_refsource_MISC)
- www.zerodayinitiative.com/advisories/ZDI-21-988/ (mitre, x_refsource_MISC)