VYPR
Unrated severity · NVD Advisory · Published Dec 21, 2021 · Updated Aug 4, 2024

CVE-2021-44860

Description

An out-of-bounds read vulnerability exists when reading a TIF file using Open Design Alliance Drawings SDK before 2022.12. The specific issue exists after loading TIF files. Unchecked input data from a crafted TIF file leads to an out-of-bounds read. An attacker can leverage this vulnerability to execute code in the context of the current process.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Out-of-bounds read in Open Design Alliance Drawings SDK before 2022.12 when loading crafted TIF files may allow arbitrary code execution.

Vulnerability

An out-of-bounds read vulnerability exists in the Open Design Alliance Drawings SDK before version 2022.12 when processing TIF files. The specific issue occurs after loading a TIF file where unchecked input data leads to reading beyond the allocated buffer. Versions prior to 2022.12 are affected [1].

Exploitation

An attacker can exploit this vulnerability by supplying a specially crafted TIF file to an application that uses the vulnerable SDK. No special network position or authentication is required; the attacker only needs to convince the victim to open the malicious file (e.g., via email attachment or web download). The out-of-bounds read occurs during file parsing.

Impact

Successful exploitation could allow an attacker to execute arbitrary code in the context of the current process. This can lead to full compromise of the affected system, including data disclosure, modification, or further attacks [1].

Mitigation

The vulnerability is fixed in ODA Drawings SDK version 2022.12. Users should upgrade to this version or later. If upgrading is not possible, avoid opening TIF files from untrusted sources. No other workarounds are documented [1].

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

References

1
