Opendesign Drawings Software Development Kit


By the Year

In 2022 there has been 1 vulnerability in Opendesign Drawings Software Development Kit, with an average score of 7.8 out of ten. Last year Drawings Software Development Kit had 12 security vulnerabilities published. Right now, Drawings Software Development Kit is on track to have fewer security vulnerabilities in 2022 than it did last year. Interestingly, the average vulnerability score and the number of vulnerabilities for 2022 and last year were the same.

| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2022 | 1 | 7.80 |
| 2021 | 12 | 7.80 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |

It may take a day or so for new Drawings Software Development Kit vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Opendesign Drawings Software Development Kit Security Vulnerabilities

Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files

CVE-2022-23095 7.8 - High - January 15, 2022

Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files. Unchecked input data from a crafted JPG file leads to memory corruption. An attacker can leverage this vulnerability to execute code in the context of the current process.

A Use After Free Vulnerability exists in the Open Design Alliance Drawings SDK before 2022.11

CVE-2021-43274 7.8 - High - November 14, 2021

A Use After Free Vulnerability exists in the Open Design Alliance Drawings SDK before 2022.11. The specific flaw exists within the parsing of DWF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.

Dangling pointer

An Out-of-Bounds Read vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11

CVE-2021-43391 7.8 - High - November 14, 2021

An Out-of-Bounds Read vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid dash counter in line types) can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

Out-of-bounds Read

An Out-of-Bounds Write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11

CVE-2021-43390 7.8 - High - November 14, 2021

An Out-of-Bounds Write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation of input data can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

Memory Corruption

An Out-of-Bounds Write vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11

CVE-2021-43336 7.8 - High - November 14, 2021

An Out-of-Bounds Write vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid number of properties) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

Memory Corruption

A stack-based buffer overflow vulnerability exists in the DWF file reading procedure in Open Design Alliance Drawings SDK before 2022.8

CVE-2021-43280 7.8 - High - November 14, 2021

A stack-based buffer overflow vulnerability exists in the DWF file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of proper validation of the length of user-supplied data before copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

Memory Corruption

A Use After Free vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.8

CVE-2021-43275 7.8 - High - November 14, 2021

A Use After Free vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.

Dangling pointer

An issue was discovered in Open Design Alliance Drawings SDK before 2021.12

CVE-2021-25173 7.8 - High - January 18, 2021

An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to cause a crash, potentially enabling denial of service (crash, exit, or restart).

Allocation of Resources Without Limits or Throttling

An issue was discovered in Open Design Alliance Drawings SDK before 2021.12

CVE-2021-25174 7.8 - High - January 18, 2021

An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potentially enabling denial of service (Crash, Exit, or Restart).

Memory Corruption

An issue was discovered in Open Design Alliance Drawings SDK before 2021.11

CVE-2021-25175 7.8 - High - January 18, 2021

An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Conversion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart).

Incorrect Type Conversion or Cast

An issue was discovered in Open Design Alliance Drawings SDK before 2021.11

CVE-2021-25176 7.8 - High - January 18, 2021

An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart).

NULL Pointer Dereference

An issue was discovered in Open Design Alliance Drawings SDK before 2021.11

CVE-2021-25177 7.8 - High - January 18, 2021

An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Confusion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart).

Object Type Confusion

An issue was discovered in Open Design Alliance Drawings SDK before 2021.11

CVE-2021-25178 7.8 - High - January 18, 2021

An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A stack-based buffer overflow vulnerability exists when the recover operation is run with malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart) or possible code execution.

Memory Corruption
