CVE-2023-5179
Description
An issue was discovered in Open Design Alliance Drawings SDK before 2024.10. A corrupted value for the start of MiniFat sector in a crafted DGN file leads to an out-of-bounds read. This can allow attackers to cause a crash, potentially enabling a denial-of-service attack (Crash, Exit, or Restart) or possible code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Out-of-bounds read in Open Design Alliance Drawings SDK before 2024.10 via crafted DGN file leads to crash or potential code execution.
Vulnerability
The vulnerability exists in Open Design Alliance Drawings SDK versions before 2024.10. A crafted DGN file with a corrupted value for the start of the MiniFat sector triggers an out-of-bounds read. This affects the parsing of DGN files.
Exploitation
An attacker can exploit this by providing a specially crafted DGN file to an application using the vulnerable SDK. No authentication is required if the application opens untrusted files. The attacker needs to convince a user or process to open the malicious file.
Impact
Successful exploitation can cause a crash, leading to denial of service. The description also notes potential for code execution, though not confirmed.
Mitigation
The vendor, Open Design Alliance, has fixed this issue in Drawings SDK version 2024.10. Users should update to that version or later. The advisory is available at the ODA security advisories page [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <2024.10
- Open Design Alliance/ODA Drawings SDK - All Versions < 2024.10v5Range: 0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.opendesign.com/security-advisoriesmitrevendor-advisory
News mentions
0No linked articles in our index yet.