CVE-2022-28809
https://notcve.org/view.php?id=CVE-2022-28809
An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. An Out-of-Bounds Read vulnerability exists when reading a DWG file with an invalid vertex number in a recovery mode. An attacker can leverage this vulnerability to execute code in the context of the current process. Se ha detectado un problema en Open Design Alliance Drawings SDK antes de 2023.3. Se presenta una vulnerabilidad de lectura fuera de límites cuando es leído un archivo DWG con un número de vértices no válido en un modo de recuperación. • https://www.opendesign.com/security-advisories • CWE-306: Missing Authentication for Critical Function •
CVE-2022-28808
https://notcve.org/view.php?id=CVE-2022-28808
An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. An Out-of-Bounds Read vulnerability exists when reading DWG files in a recovery mode. An attacker can leverage this vulnerability to execute code in the context of the current process. Se ha detectado un problema en Open Design Alliance Drawings SDK versiones anteriores a 2023.3. Se presenta una vulnerabilidad de lectura fuera de límites cuando se leen archivos DWG en modo de recuperación. • https://www.opendesign.com/security-advisories • CWE-125: Out-of-bounds Read •
CVE-2022-28807
https://notcve.org/view.php?id=CVE-2022-28807
An issue was discovered in Open Design Alliance Drawings SDK before 2023.2. An Out-of-Bounds Read vulnerability exists when rendering a .dwg file after it's opened in the recovery mode. An attacker can leverage this vulnerability to execute code in the context of the current process. Se ha detectado un problema en Open Design Alliance Drawings SDK anterior a 2023.2. Se presenta una vulnerabilidad de lectura fuera de límites cuando es renderizado un archivo .dwg después de abrirlo en el modo de recuperación. • https://www.opendesign.com/security-advisories • CWE-125: Out-of-bounds Read •
CVE-2022-23095 – Open Design Alliance (ODA) Drawings Explorer JPG File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-23095
Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files. Unchecked input data from a crafted JPG file leads to memory corruption. An attacker can leverage this vulnerability to execute code in the context of the current process. Open Design Alliance Drawings SDK versiones anteriores a 2022.12.1, maneja inapropiadamente la carga de archivos JPG. Los datos de entrada no comprobados de un archivo JPG diseñado conllevan a una corrupción de la memoria. • https://www.opendesign.com/security-advisories • CWE-787: Out-of-bounds Write •
CVE-2021-44860 – Open Design Alliance (ODA) Drawings Explorer TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-44860
An out-of-bounds read vulnerability exists when reading a TIF file using Open Design Alliance Drawings SDK before 2022.12. The specific issue exists after loading TIF files. An unchecked input data from a crafted TIF file leads to an out-of-bounds read. An attacker can leverage this vulnerability to execute code in the context of the current process. Se presenta una vulnerabilidad de lectura fuera de límites cuando es leído un archivo TIF usando Open Design Alliance Drawings SDK versiones anteriores a 2022.12. • https://www.opendesign.com/security-advisories • CWE-125: Out-of-bounds Read •