Lucene search

[email protected]CVE-2023-22669

HistoryApr 15, 2023 - 1:15 a.m.

CVE-2023-22669

2023-04-1501:15:06

CWE-787

[email protected]

web.nvd.nist.gov

cve

2023

22669

open design alliance

drawings sdk

validation

xrecord

buffer

code execution

security vulnerability

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

27.2%

JSON

Parsing of DWG files in Open Design Alliance Drawings SDK before 2023.6 lacks proper validation of the length of user-supplied XRecord data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

Affected configurations

NVD

Node

opendesigndrawings_sdkRange<2023.6

CPENameOperatorVersion
opendesign:drawings_sdkopendesign drawings sdklt2023.6

CPE	Name	Operator	Version
opendesign:drawings_sdk	opendesign drawings sdk	lt	2023.6

References

www.opendesign.com/security-advisories

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

27.2%

JSON

Related for CVE-2023-22669

cnvd1 zdi2 prion1 cvelist1 nvd1 ics3