CVSS: 9.8EPSS: 9%CPEs: 1EXPL: 0CVE-2021-43272 – Open Design Alliance (ODA) ODAViewer DWF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-43272
An improper handling of exceptional conditions vulnerability exists in Open Design Alliance ODA Viewer sample before 2022.11. ODA Viewer continues to process invalid or malicious DWF files instead of stopping upon an exception. An attacker can leverage this vulnerability to execute code in the context of the current process. Una vulnerabilidad de manejo inapropiado de condiciones excepcionales es presentado en Open Design Alliance ODA Viewer sample versiones anteriores a 2022.11. ODA Viewer continúa procesando archivos DWF inválidos o maliciosos en lugar de detenerse ante una excepción. • https://www.opendesign.com/security-advisories https://www.zerodayinitiative.com/advisories/ZDI-21-1358 https://www.zerodayinitiative.com/advisories/ZDI-21-1360 https://www.zerodayinitiative.com/advisories/ZDI-21-1363 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-43280 – Open Design Alliance (ODA) Drawings Explorer DWF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-43280
A stack-based buffer overflow vulnerability exists in the DWF file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of proper validation of the length of user-supplied data before copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Se presenta una vulnerabilidad de desbordamiento de búfer en la región stack de la memoria en el procedimiento de lectura de archivos DWF en Open Design Alliance Drawings SDK versiones anteriores a 2022.8. El problema resulta de la falta de comprobación apropiada de la longitud de los datos suministrados por el usuario antes de copiarlos en un búfer en la región stack de la memoria. • https://www.opendesign.com/security-advisories https://www.zerodayinitiative.com/advisories/ZDI-21-1340 https://www.zerodayinitiative.com/advisories/ZDI-21-1341 https://www.zerodayinitiative.com/advisories/ZDI-21-1342 https://www.zerodayinitiative.com/advisories/ZDI-21-1343 https://www.zerodayinitiative.com/advisories/ZDI-21-1345 https://www.zerodayinitiative.com/advisories/ZDI-21-1355 https://www.zerodayinitiative.com/advisories/ZDI-21-1356 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-43390 – Open Design Alliance (ODA) ODAViewer DGN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-43390
An Out-of-Bounds Write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation of input data can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Se presenta una vulnerabilidad de escritura fuera de límites cuando es leído un archivo DGN usando Open Design Alliance Drawings SDK versiones anteriores a 2022.11. • https://www.opendesign.com/security-advisories https://www.zerodayinitiative.com/advisories/ZDI-21-1347 https://www.zerodayinitiative.com/advisories/ZDI-21-1348 https://www.zerodayinitiative.com/advisories/ZDI-21-1362 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-43279 – Open Design Alliance (ODA) ODAViewer U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-43279
An out-of-bounds write vulnerability exists in the U3D file reading procedure in Open Design Alliance PRC SDK before 2022.10. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Se presenta una vulnerabilidad de escritura fuera de límites en el procedimiento de lectura de archivos U3D en Open Design Alliance PRC SDK versiones anteriores a 2022.10. Los datos diseñados en un archivo U3D pueden desencadenar una escritura más allá del final de un búfer asignado. • https://www.opendesign.com/security-advisories https://www.zerodayinitiative.com/advisories/ZDI-21-1337 • CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-43273 – Open Design Alliance (ODA) Drawings Explorer DGN File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-43273
An Out-of-bounds Read vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.11. Crafted data in a DGN file and lack of verification of input data can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Se presenta una vulnerabilidad de lectura fuera de límites en el procedimiento de lectura de archivos DGN en Open Design Alliance Drawings SDK versiones anteriores a 2022.11. Los datos diseñados en un archivo DGN y la falta de verificación de los datos de entrada pueden desencadenar una lectura más allá del final de un búfer asignado. • https://www.opendesign.com/security-advisories https://www.zerodayinitiative.com/advisories/ZDI-21-1281 https://www.zerodayinitiative.com/advisories/ZDI-21-1291 https://www.zerodayinitiative.com/advisories/ZDI-21-1351 https://www.zerodayinitiative.com/advisories/ZDI-21-1357 • CWE-125: Out-of-bounds Read •