VYPR

Drawings SDK

by Open Design Alliance

CVEs (41)

  • CVE-2021-43390HigNov 14, 2021
    risk 0.51cvss 7.8epss 0.02

    An Out-of-Bounds Write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation of input data can trigger a write…

  • CVE-2021-43336HigNov 14, 2021
    risk 0.51cvss 7.8epss 0.02

    An Out-of-Bounds Write vulnerability exists when reading a DXF or DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF and DWG files. Crafted data in a DXF or DWG file (an invalid number of properties) can trigger a…

  • CVE-2021-43280HigNov 14, 2021
    risk 0.51cvss 7.8epss 0.02

    A stack-based buffer overflow vulnerability exists in the DWF file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of proper validation of the length of user-supplied data before copying it to a stack-based buffer. An…

  • CVE-2021-43278HigNov 14, 2021
    risk 0.51cvss 7.8epss 0.01

    An Out-of-bounds Read vulnerability exists in the OBJ file reading procedure in Open Design Alliance Drawings SDK before 2022.11. The lack of validating the input length can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to…

  • CVE-2021-43275HigNov 14, 2021
    risk 0.51cvss 7.8epss 0.01

    A Use After Free vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this…

  • CVE-2021-43274HigNov 14, 2021
    risk 0.51cvss 7.8epss 0.01

    A Use After Free Vulnerability exists in the Open Design Alliance Drawings SDK before 2022.11. The specific flaw exists within the parsing of DWF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An…

  • CVE-2021-32948HigJun 17, 2021
    risk 0.51cvss 7.8epss 0.03

    An out-of-bounds write issue exists in the DWG file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to…

  • CVE-2021-32944HigJun 17, 2021
    risk 0.51cvss 7.8epss 0.03

    A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a memory corruption or arbitrary code execution, allowing attackers to cause…

  • CVE-2021-32936HigJun 17, 2021
    risk 0.51cvss 7.8epss 0.03

    An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to…

  • CVE-2021-32946HigJun 17, 2021
    risk 0.51cvss 7.8epss 0.03

    An improper check for unusual or exceptional conditions issue exists within the parsing DGN files from Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of the user-supplied data. This may result in several of out-of-bounds problems and allow…

  • CVE-2021-31784HigApr 26, 2021
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds write vulnerability exists in the file-reading procedure in Open Design Alliance Drawings SDK before 2021.6 on all supported by ODA platforms in static configuration. This can allow attackers to cause a crash, potentially enabling a denial of service attack…

  • CVE-2021-25178HigJan 18, 2021
    risk 0.51cvss 7.8epss 0.03

    An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A stack-based buffer overflow vulnerability exists when the recover operation is run with malformed .DXF and .DWG files. This can allow attackers to cause a crash potentially enabling a denial of…

  • CVE-2021-25177HigJan 18, 2021
    risk 0.51cvss 7.8epss 0.02

    An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Confusion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart).

  • CVE-2021-25176HigJan 18, 2021
    risk 0.51cvss 7.8epss 0.02

    An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart).

  • CVE-2021-25175HigJan 18, 2021
    risk 0.51cvss 7.8epss 0.03

    An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Conversion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart).

  • CVE-2021-25174HigJan 18, 2021
    risk 0.51cvss 7.8epss 0.02

    An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potentially enabling denial of service (Crash, Exit, or Restart).

  • CVE-2021-25173HigJan 18, 2021
    risk 0.51cvss 7.8epss 0.02

    An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to cause a crash, potentially enabling denial of service (crash, exit, or restart).

  • CVE-2025-10021HigDec 22, 2025
    risk 0.46cvss epss 0.00

    A Use of Uninitialized Variable vulnerability exists in Open Design Alliance Drawings SDK static versions (mt) before 2026.12. Static object `COdaMfcAppApp theApp` may access `OdString::kEmpty` before its initialization. Due to undefined initialization order of static objects…

  • CVE-2021-32950HigJun 17, 2021
    risk 0.46cvss 7.1epss 0.02

    An out-of-bounds read issue exists within the parsing of DXF files in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a…

  • CVE-2021-32940HigJun 17, 2021
    risk 0.46cvss 7.1epss 0.02

    An out-of-bounds read issue exists in the DWG file-recovering procedure in the Drawings SDK (All versions prior to 2022.5) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allow attackers to…