CVE-2025-10021

Опубликовано: 22 дек. 2025

Источник: nvd

EPSS Низкий

Описание

A Use of Uninitialized Variable vulnerability exists in Open Design Alliance Drawings SDK static versions (mt) before 2026.12. Static object COdaMfcAppApp theApp may access OdString::kEmpty before its initialization. Due to undefined initialization order of static objects across translation units (Static Initialization Order Fiasco), the application accesses uninitialized memory. This results in application crash on startup, causing denial of service. Due to undefined behavior, memory corruption and potential arbitrary code execution cannot be ruled out in specific exploitation scenarios.

Ссылки

https://www.opendesign.com/security-advisories

EPSS

Процентиль: 6%

0.00023

Низкий

Дефекты

CWE-457

Связанные уязвимости

GHSA-rx6r-89fc-6xm2

github

около 2 месяцев назад

A Use of Uninitialized Variable vulnerability exists in Open Design Alliance Drawings SDK static versions (mt) before 2026.12. Static object `COdaMfcAppApp theApp` may access `OdString::kEmpty` before its initialization. Due to undefined initialization order of static objects across translation units (Static Initialization Order Fiasco), the application accesses uninitialized memory. This results in application crash on startup, causing denial of service. Due to undefined behavior, memory corruption and potential arbitrary code execution cannot be ruled out in specific exploitation scenarios.

EPSS

Процентиль: 6%

0.00023

Низкий

Дефекты

CWE-457