CVE-2021-44422
Open Design Alliance (ODA) Drawings Explorer BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An Improper Input Validation Vulnerability exists when reading a BMP file using Open Design Alliance Drawings SDK before 2022.12. Crafted data in a BMP file can trigger a write operation past the end of an allocated buffer, or lead to a heap-based buffer overflow. An attacker can leverage this vulnerability to execute code in the context of the current process.
Se presenta una vulnerabilidad de comprobación de entrada inapropiada cuando es leído un archivo BMP usando el SDK de dibujos de Open Design Alliance versiones anteriores a 2022.12. Los datos diseñados en un archivo BMP pueden desencadenar una operación de escritura más allá del final de un búfer asignado, o conllevar a un desbordamiento del búfer en la región heap de la memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar código en el contexto del proceso actual
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) Drawings Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of BMP files. Crafted data in a BMP file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-11-29 CVE Reserved
- 2021-12-21 CVE Published
- 2024-08-04 CVE Updated
- 2024-09-05 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-787: Out-of-bounds Write
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.opendesign.com/security-advisories | 2021-12-27 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Opendesign Search vendor "Opendesign" | Drawings Sdk Search vendor "Opendesign" for product "Drawings Sdk" | < 2022.12 Search vendor "Opendesign" for product "Drawings Sdk" and version " < 2022.12" | - |
Affected
|