exploitDog

CVE-2023-26495

Опубликовано: 10 апр. 2023

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

An issue was discovered in Open Design Alliance Drawings SDK before 2024.1. A crafted DWG file can force the SDK to reuse an object that has been freed. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code.

Ссылки

https://www.opendesign.com/security-advisories
Vendor Advisory
https://www.opendesign.com/security-advisories
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opendesign:drawings_sdk:*:*:*:*:*:*:*:*

Версия до 2024.1 (исключая)

EPSS

Процентиль: 20%

0.00063

Низкий

7.8 High

CVSS3

Дефекты

CWE-416

CWE-416

Связанные уязвимости

GHSA-f5cj-2ghc-vgwm

CVSS3: 7.8

github

почти 3 года назад

An issue was discovered in Open Design Alliance Drawings SDK before 2024.1. A crafted DWG file can force the SDK to reuse an object that has been freed. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code.

EPSS

Процентиль: 20%

0.00063

Низкий

7.8 High

CVSS3

Дефекты

CWE-416

CWE-416