25 matches found
Siemens COMOS
SUMMARY COMOS before V10.6 is affected by a local arbitrary code execution vulnerability in the integrated Open Design Alliance Drawings SDK. Siemens has released a new version for COMOS and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general security measure,...
CVE-2023-22669
Parsing of DWG files in Open Design Alliance Drawings SDK before 2023.6 lacks proper validation of the length of user-supplied XRecord data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process...
CVE-2023-26495
An issue was discovered in Open Design Alliance Drawings SDK before 2024.1. A crafted DWG file can force the SDK to reuse an object that has been freed. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code...
PT-2023-6728 · Open Design Alliance · Open Design Alliance Drawings Sdk
Name of the Vulnerable Software and Affected Versions: Open Design Alliance Drawings SDK versions prior to 2023.6 Description: The issue is related to a heap-based buffer overflow in the parsing of DWG files. This occurs due to a lack of proper validation of the length of user-supplied XRecord da...
CVE-2022-28807
An issue was discovered in Open Design Alliance Drawings SDK before 2023.2. An Out-of-Bounds Read vulnerability exists when rendering a .dwg file after it's opened in the recovery mode. An attacker can leverage this vulnerability to execute code in the context of the current process...
CVE-2022-23095
Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files. Unchecked input data from a crafted JPG file leads to memory corruption. An attacker can leverage this vulnerability to execute code in the context of the current process...
CVE-2021-44859
An out-of-bounds read vulnerability exists when reading a TGA file using Open Design Alliance Drawings SDK before 2022.12. The specific issue exists after loading TGA files. An unchecked input data from a crafted TGA file leads to an out-of-bounds read. An attacker can leverage this vulnerability...
CVE-2021-44047
A use-after-free vulnerability exists when reading a DWF/DWFX file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing DWF/DWFX files. Crafted data in a DWF/DWFX file and lack of proper validation of input data can trigger a write operation past the end ...
CVE-2021-44047
A use-after-free vulnerability exists when reading a DWF/DWFX file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing DWF/DWFX files. Crafted data in a DWF/DWFX file and lack of proper validation of input data can trigger a write operation past the end ...
CVE-2021-44045
An out-of-bounds write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation for the XFAT sectors count can trigger a write operation...
CVE-2021-44044
An out-of-bounds write vulnerability exists when reading a JPG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing JPG files. Crafted data in a JPG 4 extraneous bytes before the marker 0xca can trigger a write operation past the end of an allocated...
Open Design Alliance Drawings SDK 缓冲区错误漏洞
Open Design Alliance Drawings SDK is a software development kit for drawing design applications from Open Design Alliance, Inc. The SDK provides easy, object-oriented API access to data in .dwg and .dgn, C API, file repair support, support for . code execution...
PT-2021-24031 · Open Design Alliance · Open Design Alliance Drawings Sdk
Name of the Vulnerable Software and Affected Versions: Open Design Alliance Drawings SDK versions prior to 2022.11 Description: The issue exists within the parsing of DGN files, where crafted data and a lack of proper validation for the XFAT sectors count can trigger a write operation past the en...
Open Design Alliance Drawings SDK 缓冲区错误漏洞
Open Design Alliance Drawings SDK is a software development kit for drawing design applications from Open Design Alliance, Inc. The SDK provides access to data in .dwg and .dgn through a convenient, object-oriented API that provides a C API, support for repair files, support for . The vulnerabili...
PT-2021-23886 · Open Design Alliance · Open Design Alliance Drawings Sdk
Name of the Vulnerable Software and Affected Versions: Open Design Alliance Drawings SDK versions prior to 2022.11 Description: A Use-After-Free Remote issue exists when reading a DWG file using the parsing functionality. The issue results from the lack of validating the existence of an object...
CVE-2021-43273
An Out-of-bounds Read vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.11. Crafted data in a DGN file and lack of verification of input data can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability t...
CVE-2021-43280
A stack-based buffer overflow vulnerability exists in the DWF file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of proper validation of the length of user-supplied data before copying it to a stack-based buffer. An attacker can leverage thi...
Open Design Alliance Drawings SDK 安全漏洞
Open Design Alliance Drawings SDK is a software development kit for drawing design applications from Open Design Alliance, Inc. The Open Design Alliance Drawings SDK contains a security vulnerability that results from an exception vulnerability in the sample The ODA Viewer continues to process...
Open Design Alliance Drawings SDK 缓冲区错误漏洞
Open Design Alliance Drawings SDK is a software development kit for drawing design applications from Open Design Alliance, USA. The SDK provides access to data in .dwg and .dgn through a convenient, object-oriented API, offering features such as a C++ API, support for repairing files, and .NET,...
CVE-2021-32940
An out-of-bounds read issue exists in the DWG file-recovering procedure in the Drawings SDK All versions prior to 2022.5 resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allow attackers to cause a denial-of-servi...