VYPR
Vendor

Open Design Alliance

Products
5
CVEs
50
Across products
50
Status
Private

Products

5

Recent CVEs

50
View all 50 CVEs →
  • CVE-2021-43272CriNov 14, 2021
    risk 0.64cvss 9.8epss 0.04

    An improper handling of exceptional conditions vulnerability exists in Open Design Alliance ODA Viewer sample before 2022.11. ODA Viewer continues to process invalid or malicious DWF files instead of stopping upon an exception. An attacker can leverage this vulnerability to…

  • CVE-2021-43581HigNov 22, 2021
    risk 0.57cvss 8.8epss 0.01

    An Out-of-Bounds Read vulnerability exists when reading a U3D file using Open Design Alliance PRC SDK before 2022.11. The specific issue exists within the parsing of U3D files. Incorrect use of the LibJpeg source manager inside the U3D library, and crafted data in a U3D file,…

  • CVE-2024-8894HigDec 4, 2024
    risk 0.53cvss epss 0.00

    Out-of-bounds Write vulnerability was discovered in Open Design Alliance Drawings SDK before 2025.10. Reading crafted DWF file and missing proper checks on received SectionIterator data can trigger an unhandled exception. This can allow attackers to cause a crash, potentially…

  • CVE-2018-18224HigOct 19, 2018
    risk 0.53cvss 8.1epss 0.02

    A vulnerability exists in the file reading procedure in Open Design Alliance Drawings SDK 2019Update1 on non-Windows platforms in which attackers could perform read operations past the end, or before the beginning, of the intended buffer. This can allow attackers to obtain…

  • CVE-2018-18223HigOct 19, 2018
    risk 0.53cvss 8.1epss 0.02

    Open Design Alliance Drawings SDK 2019Update1 has a vulnerability during the reading of malformed files, allowing attackers to obtain sensitive information from process memory or cause a crash.

  • CVE-2023-5180HigDec 26, 2023
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in Open Design Alliance Drawings SDK before 2024.12. A corrupted value of number of sectors used by the Fat structure in a crafted DGN file leads to an out-of-bounds write. An attacker can leverage this vulnerability to execute code in the context of the…

  • CVE-2023-5179HigNov 7, 2023
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in Open Design Alliance Drawings SDK before 2024.10. A corrupted value for the start of MiniFat sector in a crafted DGN file leads to an out-of-bounds read. This can allow attackers to cause a crash, potentially enabling a denial-of-service attack (Crash,…

  • CVE-2023-22670HigApr 15, 2023
    risk 0.51cvss 7.8epss 0.00

    A heap-based buffer overflow exists in the DXF file reading procedure in Open Design Alliance Drawings SDK before 2023.6. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of the length of user-supplied XRecord data…

  • CVE-2023-22669HigApr 15, 2023
    risk 0.51cvss 7.8epss 0.00

    Parsing of DWG files in Open Design Alliance Drawings SDK before 2023.6 lacks proper validation of the length of user-supplied XRecord data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the…

  • CVE-2023-26495HigApr 10, 2023
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in Open Design Alliance Drawings SDK before 2024.1. A crafted DWG file can force the SDK to reuse an object that has been freed. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code.

  • CVE-2022-28809HigJul 17, 2022
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. An Out-of-Bounds Read vulnerability exists when reading a DWG file with an invalid vertex number in a recovery mode. An attacker can leverage this vulnerability to execute code in the context of the…

  • CVE-2022-28808HigJul 17, 2022
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. An Out-of-Bounds Read vulnerability exists when reading DWG files in a recovery mode. An attacker can leverage this vulnerability to execute code in the context of the current process.

  • CVE-2022-28807HigJul 17, 2022
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in Open Design Alliance Drawings SDK before 2023.2. An Out-of-Bounds Read vulnerability exists when rendering a .dwg file after it's opened in the recovery mode. An attacker can leverage this vulnerability to execute code in the context of the current…

  • CVE-2022-23095HigJan 15, 2022
    risk 0.51cvss 7.8epss 0.01

    Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files. Unchecked input data from a crafted JPG file leads to memory corruption. An attacker can leverage this vulnerability to execute code in the context of the current process.

  • CVE-2021-44860HigDec 21, 2021
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds read vulnerability exists when reading a TIF file using Open Design Alliance Drawings SDK before 2022.12. The specific issue exists after loading TIF files. An unchecked input data from a crafted TIF file leads to an out-of-bounds read. An attacker can leverage…

  • CVE-2021-44859HigDec 21, 2021
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds read vulnerability exists when reading a TGA file using Open Design Alliance Drawings SDK before 2022.12. The specific issue exists after loading TGA files. An unchecked input data from a crafted TGA file leads to an out-of-bounds read. An attacker can leverage…

  • CVE-2021-44423HigDec 21, 2021
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds read vulnerability exists when reading a BMP file using Open Design Alliance (ODA) Drawings Explorer before 2022.12. The specific issue exists after loading BMP files. Unchecked input data from a crafted BMP file leads to an out-of-bounds read. An attacker can…

  • CVE-2021-44422HigDec 21, 2021
    risk 0.51cvss 7.8epss 0.01

    An Improper Input Validation Vulnerability exists when reading a BMP file using Open Design Alliance Drawings SDK before 2022.12. Crafted data in a BMP file can trigger a write operation past the end of an allocated buffer, or lead to a heap-based buffer overflow. An attacker…

  • CVE-2021-44048HigDec 5, 2021
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds write vulnerability exists when reading a TIF file using Open Design Alliance (ODA) Drawings Explorer before 2022.11. The specific issue exists after loading TIF files. Crafted data in a TIF file can trigger a write operation past the end of an allocated buffer.…

  • CVE-2021-44047HigDec 5, 2021
    risk 0.51cvss 7.8epss 0.01

    A use-after-free vulnerability exists when reading a DWF/DWFX file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing DWF/DWFX files. Crafted data in a DWF/DWFX file and lack of proper validation of input data can trigger a write…