Vulnerabilities > CVE-2021-44422 - Out-of-bounds Write vulnerability in Opendesign Drawings SDK

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

opendesign

CWE-787

NVD

Published: 2021-12-21

Updated: 2021-12-27

Summary

An Improper Input Validation Vulnerability exists when reading a BMP file using Open Design Alliance Drawings SDK before 2022.12. Crafted data in a BMP file can trigger a write operation past the end of an allocated buffer, or lead to a heap-based buffer overflow. An attacker can leverage this vulnerability to execute code in the context of the current process.

Vulnerable Configurations

Part	Description	Count
Application	Opendesign Opendesign Drawings SDK - Opendesign Drawings SDK 2019 Opendesign Drawings SDK 2021.11 Opendesign Drawings SDK 2021.12 Opendesign Drawings SDK 2022.11	5

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://www.opendesign.com/security-advisories