CVE-2021-43280

Опубликовано: 14 нояб. 2021

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

A stack-based buffer overflow vulnerability exists in the DWF file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of proper validation of the length of user-supplied data before copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

Ссылки

https://www.opendesign.com/security-advisories
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-1340/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-21-1341/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-21-1342/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-21-1343/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-21-1345/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-21-1355/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-21-1356/
Third Party Advisory
VDB Entry
https://www.opendesign.com/security-advisories
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-1340/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-21-1341/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-21-1342/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-21-1343/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-21-1345/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-21-1355/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-21-1356/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opendesign:drawings_software_development_kit:*:*:*:*:*:*:*:*

Версия до 2022.8 (исключая)

EPSS

Процентиль: 80%

0.01398

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-787

Связанные уязвимости

GHSA-j54v-xxhq-f43f

github

больше 3 лет назад