CVE-2021-43582
Description
A Use-After-Free Remote Vulnerability exists when reading a DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A use-after-free bug in Open Design Alliance Drawings SDK before 2022.11 allows remote code execution via a crafted DWG file.
Vulnerability
A use-after-free vulnerability exists in the Open Design Alliance Drawings SDK versions prior to 2022.11 [1]. The specific flaw occurs during the parsing of DWG files, within the Drawings Explorer component [2]. The issue results from the lack of validating the existence of an object prior to performing operations on it, leading to a use-after-free condition [2].
Exploitation
An attacker can exploit this vulnerability by convincing a user to open a specially crafted DWG file or to visit a malicious page that triggers the file parsing [2]. User interaction is required. No additional privileges are needed beyond the ability to deliver the file to the target [2].
Impact
Successful exploitation allows the attacker to execute arbitrary code in the context of the current process [1][2]. This can lead to full compromise of the affected system, including confidentiality, integrity, and availability (CIA) impacts [2].
Mitigation
The vulnerability is fixed in Open Design Alliance Drawings SDK version 2022.11 [1]. Users should update to this version or later. No workarounds are documented in the available references [1][2].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Open Design Alliance/Drawings SDK
- Range: <2022.11
Patches
No patches discovered yet.
References
- www.opendesign.com/security-advisories (mitre, x_refsource_MISC)
- www.zerodayinitiative.com/advisories/ZDI-21-1353/ (mitre, x_refsource_MISC)