Vulnerabilities > CVE-2023-22669 - Out-of-bounds Write vulnerability in Opendesign Drawings SDK

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

opendesign

CWE-787

NVD

Published: 2023-04-15

Updated: 2023-04-25

Summary

Parsing of DWG files in Open Design Alliance Drawings SDK before 2023.6 lacks proper validation of the length of user-supplied XRecord data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

Vulnerable Configurations

Part	Description	Count
Application	Opendesign Opendesign Drawings SDK - Opendesign Drawings SDK 2019 Opendesign Drawings SDK 2021.11 Opendesign Drawings SDK 2021.12 Opendesign Drawings SDK 2022.11 Opendesign Drawings SDK 2022.12 Opendesign Drawings SDK 2023.2	7

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://www.opendesign.com/security-advisories