CVE-2021-44423
Description
An out-of-bounds read vulnerability exists when reading a BMP file using Open Design Alliance (ODA) Drawings Explorer before 2022.12. The specific issue exists after loading BMP files. Unchecked input data from a crafted BMP file leads to an out-of-bounds read. An attacker can leverage this vulnerability to execute code in the context of the current process.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An out-of-bounds read in ODA Drawings Explorer before 2022.12 allows code execution via a crafted BMP file.
Vulnerability
An out-of-bounds read vulnerability exists in Open Design Alliance (ODA) Drawings Explorer versions before 2022.12 when processing BMP files. The issue occurs due to insufficient validation of input data from a crafted BMP file, leading to an out-of-bounds read operation.
Exploitation
An attacker can exploit this vulnerability by providing a specially crafted BMP file to a user. The user must open the file using ODA Drawings Explorer. No special network position or authentication is required; the attack vector is local file opening.
Impact
Successful exploitation allows an attacker to execute arbitrary code in the context of the current process. This can lead to full compromise of the affected system, including data disclosure, modification, or denial of service.
Mitigation
The vulnerability is fixed in ODA Drawings Explorer version 2022.12. Users should upgrade to this version or later. No workarounds are documented in the available references.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Open Design Alliance/Drawings Explorerdescription
- Range: <2022.12
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.opendesign.com/security-advisoriesmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.