Vulnerabilities in the ODA Drawings Software Development Kit
| Vulnerability Name | Description | Vulnerability Type | Affected Product Code Base | Attack Type | CVE Impact Other | Attack Vectors |
|---|---|---|---|---|---|---|
| CVE-2021-25178 | An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A stack-based buffer overflow vulnerability exists when the recover operation is run with malformed .DXF and .DWG files. This can allow attackers to cause a crash potentially enabling a denial of service attack (Crash, Exit, or Restart) or possible code execution. | Buffer Overflow | Drawings SDK - All versions < 2021.11. Fixed in 2021.11 |
Context-dependent | This can allow attackers to cause a crash potentially enabling a denial of service attack or possible code execution. | To exploit vulnerability malformed drawing file should be opened via 'recover'. |
| CVE-2021-25177 | An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Confusion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). | Access of Resource Using Incompatible Type ('Type Confusion’) | Drawings SDK - All Versions < 2021.11. Fixed in 2021.11 |
Context-dependent | This can allow attackers to cause a crash potentially enabling a denial of service attack. | To exploit vulnerability malformed drawing file should be rendered. |
| CVE-2021-25176 | An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). | Untrusted Pointer Dereference | Drawings SDK - All Versions < 2021.11. Fixed in 2021.11 |
Context-dependent | This can allow attackers to cause a crash potentially enabling a denial of service attack. | To exploit vulnerability malformed drawing file should be rendered. |
| CVE-2021-25175 | An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Conversion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). | Incorrect Type Conversion or Cast | Drawings SDK - All Versions < 2021.11. Fixed in 2021.11 |
Context-dependent | This can allow attackers to cause a crash potentially enabling a denial of service attack. | To exploit vulnerability malformed drawing file should be rendered. |
| CVE-2021-25174 | An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potentially enabling denial of service (Crash, Exit, or Restart). | Memory Allocation with Excessive Size Value | Drawings SDK - All Versions < 2021.12. Fixed in 2021.12 |
Context-dependent | This can allow attackers to cause a crash potentially enabling a denial of service attack or possible code execution. | To exploit vulnerability malformed DGN file should be opened. |
| CVE-2021-25173 | An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to cause a crash, potentially enabling denial of service (crash, exit, or restart). | Memory Allocation with Excessive Size Value | Drawings SDK - All Versions < 2021.12. Fixed in 2021.12 |
Context-dependent | This can allow attackers to cause a crash potentially enabling a denial of service attack or possible code execution. | To exploit vulnerability malformed DGN file should be opened. |
| CVE-2018-18223 | Open Design Alliance Drawings SDK 2019Update1 has a vulnerability during the reading of malformed files, allowing attackers to obtain sensitive information from process memory or cause a crash. | Buffer Overflow | Drawings SDK - 2019Update1 | Context-dependent | This can allow attackers to read sensitive information from other memory locations or cause a crash. | To exploit vulnerability broken drawing file should be opened. |
| CVE-2018-18224 | A vulnerability exists in the file reading procedure in Open Design Alliance Drawings SDK 2019Update1 on non-Windows platforms in which attackers could perform read operations past the end, or before the beginning, of the intended buffer. This can allow attackers to obtain sensitive information from process memory or cause a crash. | Buffer Overflow | Drawings SDK - 2019Update1 | Context-dependent | This can allow attackers to read sensitive information from other memory locations or cause a crash. |