Drawings SDK

CVEs (33)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2024-8894	Open Design Alliance Drawings SDK	Hig	0.53	—	0.00	Dec 4, 2024	Out-of-bounds Write vulnerability was discovered in Open Design Alliance Drawings SDK before 2025.10. Reading crafted DWF file and missing proper checks on received SectionIterator data can trigger an unhandled exception. This can allow attackers to cause a crash, potentially…
CVE-2025-10021	Open Design Alliance Drawings SDK	Hig	0.46	—	0.00	Dec 22, 2025	A Use of Uninitialized Variable vulnerability exists in Open Design Alliance Drawings SDK static versions (mt) before 2026.12. Static object `COdaMfcAppApp theApp` may access `OdString::kEmpty` before its initialization. Due to undefined initialization order of static objects…
CVE-2023-5179	Open Design Alliance Drawings SDK		0.00	—	0.00	Nov 7, 2023	An issue was discovered in Open Design Alliance Drawings SDK before 2024.10. A corrupted value for the start of MiniFat sector in a crafted DGN file leads to an out-of-bounds read. This can allow attackers to cause a crash, potentially enabling a denial-of-service attack (Crash,…
CVE-2023-22670	Open Design Alliance Drawings SDK		0.00	—	0.00	Apr 15, 2023	A heap-based buffer overflow exists in the DXF file reading procedure in Open Design Alliance Drawings SDK before 2023.6. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of the length of user-supplied XRecord data…
CVE-2023-22669	Open Design Alliance Drawings SDK		0.00	—	0.00	Apr 15, 2023	Parsing of DWG files in Open Design Alliance Drawings SDK before 2023.6 lacks proper validation of the length of user-supplied XRecord data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the…
CVE-2023-26495	Open Design Alliance Drawings SDK		0.00	—	0.00	Apr 10, 2023	An issue was discovered in Open Design Alliance Drawings SDK before 2024.1. A crafted DWG file can force the SDK to reuse an object that has been freed. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code.
CVE-2022-28807	Open Design Alliance Drawings SDK		0.00	—	0.00	Jul 17, 2022	An issue was discovered in Open Design Alliance Drawings SDK before 2023.2. An Out-of-Bounds Read vulnerability exists when rendering a .dwg file after it's opened in the recovery mode. An attacker can leverage this vulnerability to execute code in the context of the current…
CVE-2022-23095	Open Design Alliance Drawings SDK		0.00	—	0.01	Jan 15, 2022	Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files. Unchecked input data from a crafted JPG file leads to memory corruption. An attacker can leverage this vulnerability to execute code in the context of the current process.
CVE-2021-44859	Open Design Alliance Drawings SDK		0.00	—	0.00	Dec 21, 2021	An out-of-bounds read vulnerability exists when reading a TGA file using Open Design Alliance Drawings SDK before 2022.12. The specific issue exists after loading TGA files. An unchecked input data from a crafted TGA file leads to an out-of-bounds read. An attacker can leverage…
CVE-2021-44860	Open Design Alliance Drawings SDK		0.00	—	0.00	Dec 21, 2021	An out-of-bounds read vulnerability exists when reading a TIF file using Open Design Alliance Drawings SDK before 2022.12. The specific issue exists after loading TIF files. An unchecked input data from a crafted TIF file leads to an out-of-bounds read. An attacker can leverage…
CVE-2021-44422	Open Design Alliance Drawings SDK		0.00	—	0.01	Dec 21, 2021	An Improper Input Validation Vulnerability exists when reading a BMP file using Open Design Alliance Drawings SDK before 2022.12. Crafted data in a BMP file can trigger a write operation past the end of an allocated buffer, or lead to a heap-based buffer overflow. An attacker…
CVE-2021-44047	Open Design Alliance Drawings SDK		0.00	—	0.00	Dec 5, 2021	A use-after-free vulnerability exists when reading a DWF/DWFX file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing DWF/DWFX files. Crafted data in a DWF/DWFX file and lack of proper validation of input data can trigger a write…
CVE-2021-44045	Open Design Alliance Drawings SDK		0.00	—	0.00	Dec 5, 2021	An out-of-bounds write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation for the XFAT sectors count can trigger…
CVE-2021-44044	Open Design Alliance Drawings SDK		0.00	—	0.00	Dec 5, 2021	An out-of-bounds write vulnerability exists when reading a JPG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing JPG files. Crafted data in a JPG (4 extraneous bytes before the marker 0xca) can trigger a write operation past the…
CVE-2021-43582	Open Design Alliance Drawings SDK		0.00	—	0.01	Nov 22, 2021	A Use-After-Free Remote Vulnerability exists when reading a DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DWG files. The issue results from the lack of validating the existence of an object prior to performing…
CVE-2021-43280	Open Design Alliance Drawings SDK		0.00	—	0.01	Nov 14, 2021	A stack-based buffer overflow vulnerability exists in the DWF file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of proper validation of the length of user-supplied data before copying it to a stack-based buffer. An…
CVE-2021-43390	Open Design Alliance Drawings SDK		0.00	—	0.00	Nov 14, 2021	An Out-of-Bounds Write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation of input data can trigger a write…
CVE-2021-43278	Open Design Alliance Drawings SDK		0.00	—	0.00	Nov 14, 2021	An Out-of-bounds Read vulnerability exists in the OBJ file reading procedure in Open Design Alliance Drawings SDK before 2022.11. The lack of validating the input length can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to…
CVE-2021-43275	Open Design Alliance Drawings SDK		0.00	—	0.01	Nov 14, 2021	A Use After Free vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this…
CVE-2021-43274	Open Design Alliance Drawings SDK		0.00	—	0.01	Nov 14, 2021	A Use After Free Vulnerability exists in the Open Design Alliance Drawings SDK before 2022.11. The specific flaw exists within the parsing of DWF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An…

CVE-2024-8894HigDec 4, 2024
Open Design Alliance
Drawings SDK
risk 0.53cvss —epss 0.00
Out-of-bounds Write vulnerability was discovered in Open Design Alliance Drawings SDK before 2025.10. Reading crafted DWF file and missing proper checks on received SectionIterator data can trigger an unhandled exception. This can allow attackers to cause a crash, potentially…
CVE-2025-10021HigDec 22, 2025
Open Design Alliance
Drawings SDK
risk 0.46cvss —epss 0.00
A Use of Uninitialized Variable vulnerability exists in Open Design Alliance Drawings SDK static versions (mt) before 2026.12. Static object `COdaMfcAppApp theApp` may access `OdString::kEmpty` before its initialization. Due to undefined initialization order of static objects…
CVE-2023-5179Nov 7, 2023
Open Design Alliance
Drawings SDK
risk 0.00cvss —epss 0.00
An issue was discovered in Open Design Alliance Drawings SDK before 2024.10. A corrupted value for the start of MiniFat sector in a crafted DGN file leads to an out-of-bounds read. This can allow attackers to cause a crash, potentially enabling a denial-of-service attack (Crash,…
CVE-2023-22670Apr 15, 2023
Open Design Alliance
Drawings SDK
risk 0.00cvss —epss 0.00
A heap-based buffer overflow exists in the DXF file reading procedure in Open Design Alliance Drawings SDK before 2023.6. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of the length of user-supplied XRecord data…
CVE-2023-22669Apr 15, 2023
Open Design Alliance
Drawings SDK
risk 0.00cvss —epss 0.00
Parsing of DWG files in Open Design Alliance Drawings SDK before 2023.6 lacks proper validation of the length of user-supplied XRecord data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the…
CVE-2023-26495Apr 10, 2023
Open Design Alliance
Drawings SDK
risk 0.00cvss —epss 0.00
An issue was discovered in Open Design Alliance Drawings SDK before 2024.1. A crafted DWG file can force the SDK to reuse an object that has been freed. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code.
CVE-2022-28807Jul 17, 2022
Open Design Alliance
Drawings SDK
risk 0.00cvss —epss 0.00
An issue was discovered in Open Design Alliance Drawings SDK before 2023.2. An Out-of-Bounds Read vulnerability exists when rendering a .dwg file after it's opened in the recovery mode. An attacker can leverage this vulnerability to execute code in the context of the current…
CVE-2022-23095Jan 15, 2022
Open Design Alliance
Drawings SDK
risk 0.00cvss —epss 0.01
Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files. Unchecked input data from a crafted JPG file leads to memory corruption. An attacker can leverage this vulnerability to execute code in the context of the current process.
CVE-2021-44859Dec 21, 2021
Open Design Alliance
Drawings SDK
risk 0.00cvss —epss 0.00
An out-of-bounds read vulnerability exists when reading a TGA file using Open Design Alliance Drawings SDK before 2022.12. The specific issue exists after loading TGA files. An unchecked input data from a crafted TGA file leads to an out-of-bounds read. An attacker can leverage…
CVE-2021-44860Dec 21, 2021
Open Design Alliance
Drawings SDK
risk 0.00cvss —epss 0.00
An out-of-bounds read vulnerability exists when reading a TIF file using Open Design Alliance Drawings SDK before 2022.12. The specific issue exists after loading TIF files. An unchecked input data from a crafted TIF file leads to an out-of-bounds read. An attacker can leverage…
CVE-2021-44422Dec 21, 2021
Open Design Alliance
Drawings SDK
risk 0.00cvss —epss 0.01
An Improper Input Validation Vulnerability exists when reading a BMP file using Open Design Alliance Drawings SDK before 2022.12. Crafted data in a BMP file can trigger a write operation past the end of an allocated buffer, or lead to a heap-based buffer overflow. An attacker…
CVE-2021-44047Dec 5, 2021
Open Design Alliance
Drawings SDK
risk 0.00cvss —epss 0.00
A use-after-free vulnerability exists when reading a DWF/DWFX file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing DWF/DWFX files. Crafted data in a DWF/DWFX file and lack of proper validation of input data can trigger a write…
CVE-2021-44045Dec 5, 2021
Open Design Alliance
Drawings SDK
risk 0.00cvss —epss 0.00
An out-of-bounds write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation for the XFAT sectors count can trigger…
CVE-2021-44044Dec 5, 2021
Open Design Alliance
Drawings SDK
risk 0.00cvss —epss 0.00
An out-of-bounds write vulnerability exists when reading a JPG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing JPG files. Crafted data in a JPG (4 extraneous bytes before the marker 0xca) can trigger a write operation past the…
CVE-2021-43582Nov 22, 2021
Open Design Alliance
Drawings SDK
risk 0.00cvss —epss 0.01
A Use-After-Free Remote Vulnerability exists when reading a DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DWG files. The issue results from the lack of validating the existence of an object prior to performing…
CVE-2021-43280Nov 14, 2021
Open Design Alliance
Drawings SDK
risk 0.00cvss —epss 0.01
A stack-based buffer overflow vulnerability exists in the DWF file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of proper validation of the length of user-supplied data before copying it to a stack-based buffer. An…
CVE-2021-43390Nov 14, 2021
Open Design Alliance
Drawings SDK
risk 0.00cvss —epss 0.00
An Out-of-Bounds Write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation of input data can trigger a write…
CVE-2021-43278Nov 14, 2021
Open Design Alliance
Drawings SDK
risk 0.00cvss —epss 0.00
An Out-of-bounds Read vulnerability exists in the OBJ file reading procedure in Open Design Alliance Drawings SDK before 2022.11. The lack of validating the input length can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to…
CVE-2021-43275Nov 14, 2021
Open Design Alliance
Drawings SDK
risk 0.00cvss —epss 0.01
A Use After Free vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this…
CVE-2021-43274Nov 14, 2021
Open Design Alliance
Drawings SDK
risk 0.00cvss —epss 0.01
A Use After Free Vulnerability exists in the Open Design Alliance Drawings SDK before 2022.11. The specific flaw exists within the parsing of DWF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An…

Page 1 of 2