CVE-2022-23095 – Open Design Alliance (ODA) Drawings Explorer JPG File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-23095
Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files. Unchecked input data from a crafted JPG file leads to memory corruption. An attacker can leverage this vulnerability to execute code in the context of the current process.
• https://www.opendesign.com/security-advisories
• CWE-787: Out-of-bounds Write
CVE-2021-43280 – Open Design Alliance (ODA) Drawings Explorer DWF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-43280
A stack-based buffer overflow vulnerability exists in the DWF file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of proper validation of the length of user-supplied data before copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
• https://www.opendesign.com/security-advisories https://www.zerodayinitiative.com/advisories/ZDI-21-1340 https://www.zerodayinitiative.com/advisories/ZDI-21-1341 https://www.zerodayinitiative.com/advisories/ZDI-21-1342 https://www.zerodayinitiative.com/advisories/ZDI-21-1343 https://www.zerodayinitiative.com/advisories/ZDI-21-1345 https://www.zerodayinitiative.com/advisories/ZDI-21-1355 https://www.zerodayinitiative.com/advisories/ZDI-21-1356
• CWE-787: Out-of-bounds Write
CVE-2021-43390 – Open Design Alliance (ODA) ODAViewer DGN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-43390
An Out-of-Bounds Write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation of input data can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
• https://www.opendesign.com/security-advisories https://www.zerodayinitiative.com/advisories/ZDI-21-1347 https://www.zerodayinitiative.com/advisories/ZDI-21-1348 https://www.zerodayinitiative.com/advisories/ZDI-21-1362
• CWE-787: Out-of-bounds Write
CVE-2021-43336 – Siemens JT2Go DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-43336
An Out-of-Bounds Write vulnerability exists when reading a DXF or DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF and DWG files. Crafted data in a DXF or DWG file (an invalid number of properties) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
• https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf https://www.opendesign.com/security-advisories https://www.zerodayinitiative.com/advisories/ZDI-22-334
• CWE-787: Out-of-bounds Write
CVE-2021-43391 – Open Design Alliance (ODA) ODAViewer DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-43391
An Out-of-Bounds Read vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid dash counter in line types) can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
• https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf https://www.opendesign.com/security-advisories https://www.zerodayinitiative.com/advisories/ZDI-21-1352 https://www.zerodayinitiative.com/advisories/ZDI-21-1361
• CWE-125: Out-of-bounds Read