// For flags

CVE-2024-8894

Out-of-bounds Write vulnerability in ODA SDK versions < 2025.10

Severity Score

8.1
*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

Out-of-bounds Write vulnerability was discovered in Open Design Alliance Drawings SDK before 2025.10. Reading crafted DWF file and missing proper checks on received SectionIterator data can trigger an unhandled exception. This can allow attackers to cause a crash, potentially enabling a denial-of-service attack (Crash, Exit, or Restart) or possible code execution.

Se descubrió una vulnerabilidad de escritura fuera de los límites en Open Design Alliance Drawings SDK antes de la versión 2025.10. La lectura de un archivo DWF creado y la omisión de las comprobaciones adecuadas en los datos de SectionIterator recibidos pueden desencadenar una excepción no controlada. Esto puede permitir que los atacantes provoquen un bloqueo, lo que podría permitir un ataque de denegación de servicio (bloqueo, salida o reinicio) o una posible ejecución de código.

*Credits: Vladislav Berghici
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Attack Requirements
None
Privileges Required
None
User Interaction
Active
System
Vulnerable | Subsequent
Confidentiality
High
None
Integrity
None
None
Availability
High
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-09-16 CVE Reserved
  • 2024-12-04 CVE Published
  • 2024-12-04 CVE Updated
  • 2024-12-05 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-787: Out-of-bounds Write
CAPEC
  • CAPEC-123: Buffer Manipulation
References (1)
URL Tag Source
https://www.opendesign.com/security-advisories
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
---- -