CVE-2021-43274 – Open Design Alliance (ODA) ODAViewer DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-43274
A Use After Free Vulnerability exists in the Open Design Alliance Drawings SDK before 2022.11. The specific flaw exists within the parsing of DWF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Se presenta una vulnerabilidad de uso de memoria previamente liberada en Open Design Alliance Drawings SDK versiones anteriores a 2022.11. • https://www.opendesign.com/security-advisories • CWE-416: Use After Free •
CVE-2021-43275 – Open Design Alliance (ODA) ODAViewer DGN File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-43275
A Use After Free vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Se presenta una vulnerabilidad de Uso de Memoria previamente Liberada en el procedimiento de lectura de archivos DGN en Open Design Alliance Drawings SDK versiones anteriores a 2022.8. El problema es debido a que no se comprueba la existencia de un objeto antes de llevar a cabo operaciones con él. • https://www.opendesign.com/security-advisories • CWE-416: Use After Free •
CVE-2021-25173 – Siemens JT2Go DGN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-25173
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to cause a crash, potentially enabling denial of service (crash, exit, or restart). Se detectó un problema en Open Design Alliance Drawings SDK versiones anteriores a 2021.12. Se presenta una vulnerabilidad de asignación de la memoria con un tamaño excesivo al leer archivos DGN malformados, lo que permite a los atacantes causar un bloqueo, permitiendo potencialmente un ataque de denegación de servicio (Bloqueo, Salida o Reinicio) This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. • https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf https://www.opendesign.com/security-advisories https://www.zerodayinitiative.com/advisories/ZDI-21-225 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2021-25174 – Siemens JT2Go DGN File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-25174
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potentially enabling denial of service (Crash, Exit, or Restart). Se detectó un problema en Open Design Alliance Drawings SDK versiones anteriores a 2021.12. Se presenta una vulnerabilidad de corrupción de la memoria al leer archivos DGN malformados. • https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf https://www.opendesign.com/security-advisories https://www.zerodayinitiative.com/advisories/ZDI-21-226 • CWE-787: Out-of-bounds Write •
CVE-2021-25175 – Siemens JT2Go DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-25175
An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Conversion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). Se detectó un problema en el SDK de dibujos de Open Design Alliance anterior a la versión 2021.11. Existe un problema de conversión de tipos al renderizar archivos .DXF y .DWG malformados. • https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf https://www.opendesign.com/security-advisories https://www.zerodayinitiative.com/advisories/ZDI-21-218 https://www.zerodayinitiative.com/advisories/ZDI-21-223 https://www.zerodayinitiative.com/advisories/ZDI-21-224 https://www.zerodayinitiative.com/advisories/ZDI-21-244 https://www.zerodayinitiative.com/advisories/ZDI-21-245 https://www.zerodayinitiative.com/advisories/ZDI-2 • CWE-704: Incorrect Type Conversion or Cast •