CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-23095 – Open Design Alliance (ODA) Drawings Explorer JPG File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-23095
13 Jan 2022 — Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files. Unchecked input data from a crafted JPG file leads to memory corruption. An attacker can leverage this vulnerability to execute code in the context of the current process. Open Design Alliance Drawings SDK versiones anteriores a 2022.12.1, maneja inapropiadamente la carga de archivos JPG. Los datos de entrada no comprobados de un archivo JPG diseñado conllevan a una corrupción de la memoria. • https://www.opendesign.com/security-advisories • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-43280 – Open Design Alliance (ODA) Drawings Explorer DWF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-43280
14 Nov 2021 — A stack-based buffer overflow vulnerability exists in the DWF file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of proper validation of the length of user-supplied data before copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Se presenta una vulnerabilidad de desbordamiento de búfer en la región stack de la memoria en el procedimiento de lectura de archivos DWF en Ope... • https://www.opendesign.com/security-advisories • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-43390 – Open Design Alliance (ODA) ODAViewer DGN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-43390
14 Nov 2021 — An Out-of-Bounds Write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation of input data can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Se presenta una vulnerabilidad de escritura fuera de límites cuando es leído un archivo DGN ... • https://www.opendesign.com/security-advisories • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-43391 – Open Design Alliance (ODA) ODAViewer DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-43391
14 Nov 2021 — An Out-of-Bounds Read vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid dash counter in line types) can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Se presenta una vulnerabilidad de lectura fuera de límites cuando es leído un archivo DXF usando Open Design... • https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-43336 – Siemens JT2Go DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-43336
14 Nov 2021 — An Out-of-Bounds Write vulnerability exists when reading a DXF or DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF and DWG files. Crafted data in a DXF or DWG file (an invalid number of properties) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Se presenta una vulnerabilidad de escritura fuera de límites cuando es leído un ... • https://cert-portal.siemens.com/productcert/pdf/ssa-301589.pdf • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-43274 – Open Design Alliance (ODA) ODAViewer DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-43274
10 Nov 2021 — A Use After Free Vulnerability exists in the Open Design Alliance Drawings SDK before 2022.11. The specific flaw exists within the parsing of DWF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Se presenta una vulnerabilidad de uso de memoria previamente liberada en Open Design Alliance Drawings ... • https://www.opendesign.com/security-advisories • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-43275 – Open Design Alliance (ODA) ODAViewer DGN File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-43275
10 Nov 2021 — A Use After Free vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Se presenta una vulnerabilidad de Uso de Memoria previamente Liberada en el procedimiento de lectura de archivos DGN en Open Design Alliance Drawings SDK versiones anteri... • https://www.opendesign.com/security-advisories • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25173 – Siemens JT2Go DGN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-25173
18 Jan 2021 — An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to cause a crash, potentially enabling denial of service (crash, exit, or restart). Se detectó un problema en Open Design Alliance Drawings SDK versiones anteriores a 2021.12. Se presenta una vulnerabilidad de asignación de la memoria con un tamaño excesivo al leer archivos DGN malformados, lo que permite a los... • https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25174 – Siemens JT2Go DGN File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-25174
18 Jan 2021 — An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potentially enabling denial of service (Crash, Exit, or Restart). Se detectó un problema en Open Design Alliance Drawings SDK versiones anteriores a 2021.12. Se presenta una vulnerabilidad de corrupción de la memoria al leer archivos DGN malformados. • https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25175 – Siemens JT2Go DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-25175
18 Jan 2021 — An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Conversion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart). Se detectó un problema en el SDK de dibujos de Open Design Alliance anterior a la versión 2021.11. Existe un problema de conversión de tipos al renderizar archivos .DXF y .DWG malformados. • https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf • CWE-704: Incorrect Type Conversion or Cast •