Lucene search
China National Vulnerability DatabaseCNVD-2021-89163HistoryNov 16, 2021 - 12:00 a.m.
Open Design Alliance Drawings SDK Buffer Overflow Vulnerability (CNVD-2021-89163)
2021-11-1600:00:00
China National Vulnerability Database
www.cnvd.org.cn
5
open design alliance
buffer overflow
vulnerability
dwf file read
stack-based
data validation
user-supplied data
process execution.
EPSS
0.002
Percentile
60.9%
Open Design Alliance Drawings SDK is a software development kit for drawing design applications from Open Design Alliance, Inc. The development package provides access to data in .dwg and .dgn through a convenient, object-oriented API that provides a C API, support for repair files, support for the . A stack-based buffer overflow vulnerability exists in the DWF file read process. The issue is caused by a lack of proper validation of the length of user-supplied data before it is copied into a stack-based buffer. An attacker could exploit this vulnerability to execute code in the context of the current process.
Related
zdi
zdi
cvelist
cvelist
CVE-2021-43280
2021-11-14 20:58:03
cve
cve
CVE-2021-43280
2021-11-14 21:15:08
prion
prion
Stack overflow
2021-11-14 21:15:00
nvd
nvd
CVE-2021-43280
2021-11-14 21:15:08