Описание
An issue was discovered in Open Design Alliance Drawings SDK before 2024.10. A corrupted value for the start of MiniFat sector in a crafted DGN file leads to an out-of-bounds read. This can allow attackers to cause a crash, potentially enabling a denial-of-service attack (Crash, Exit, or Restart) or possible code execution.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2024.10 (исключая)
cpe:2.3:a:opendesign:drawings_sdk:*:*:*:*:*:*:*:*
EPSS
Процентиль: 26%
0.00092
Низкий
7.8 High
CVSS3
Дефекты
CWE-125
CWE-125
EPSS
Процентиль: 26%
0.00092
Низкий
7.8 High
CVSS3
Дефекты
CWE-125
CWE-125