Vulnerabilities > CVE-2021-44422 - Out-of-bounds Write vulnerability in Opendesign Drawings SDK

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

opendesign

CWE-787

NVD

Published: 2021-12-21

Updated: 2021-12-27

Summary

An Improper Input Validation Vulnerability exists when reading a BMP file using Open Design Alliance Drawings SDK before 2022.12. Crafted data in a BMP file can trigger a write operation past the end of an allocated buffer, or lead to a heap-based buffer overflow. An attacker can leverage this vulnerability to execute code in the context of the current process.

Vulnerable Configurations

Part	Description	Count
Application	Opendesign Opendesign Drawings SDK - Opendesign Drawings SDK 2019 Opendesign Drawings SDK 2021.11 Opendesign Drawings SDK 2021.12 Opendesign Drawings SDK 2022.11	5

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://www.opendesign.com/security-advisories