Siemens COMOS

SUMMARY COMOS before V10.6 is affected by a local arbitrary code execution vulnerability in the integrated Open Design Alliance Drawings SDK. Siemens has released a new version for COMOS and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general security measure,...

CVE-2023-22669

Parsing of DWG files in Open Design Alliance Drawings SDK before 2023.6 lacks proper validation of the length of user-supplied XRecord data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process...

CVE-2023-26495

An issue was discovered in Open Design Alliance Drawings SDK before 2024.1. A crafted DWG file can force the SDK to reuse an object that has been freed. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code...

PT-2023-6728 · Open Design Alliance · Open Design Alliance Drawings Sdk

Name of the Vulnerable Software and Affected Versions: Open Design Alliance Drawings SDK versions prior to 2023.6 Description: The issue is related to a heap-based buffer overflow in the parsing of DWG files. This occurs due to a lack of proper validation of the length of user-supplied XRecord da...

CVE-2022-28807

An issue was discovered in Open Design Alliance Drawings SDK before 2023.2. An Out-of-Bounds Read vulnerability exists when rendering a .dwg file after it's opened in the recovery mode. An attacker can leverage this vulnerability to execute code in the context of the current process...

CVE-2022-23095

Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files. Unchecked input data from a crafted JPG file leads to memory corruption. An attacker can leverage this vulnerability to execute code in the context of the current process...

CVE-2021-44047

A use-after-free vulnerability exists when reading a DWF/DWFX file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing DWF/DWFX files. Crafted data in a DWF/DWFX file and lack of proper validation of input data can trigger a write operation past the end ...

PT-2021-24031 · Open Design Alliance · Open Design Alliance Drawings Sdk

Name of the Vulnerable Software and Affected Versions: Open Design Alliance Drawings SDK versions prior to 2022.11 Description: The issue exists within the parsing of DGN files, where crafted data and a lack of proper validation for the XFAT sectors count can trigger a write operation past the en...

Open Design Alliance Drawings SDK 缓冲区错误漏洞

Open Design Alliance Drawings SDK is a software development kit for drawing design applications from Open Design Alliance, Inc. The SDK provides easy, object-oriented API access to data in .dwg and .dgn, C API, file repair support, support for . code execution...

Open Design Alliance Drawings SDK 缓冲区错误漏洞

Open Design Alliance Drawings SDK is a software development kit for drawing design applications from Open Design Alliance, Inc. The SDK provides access to data in .dwg and .dgn through a convenient, object-oriented API that provides a C API, support for repair files, support for . The vulnerabili...

PT-2021-23886 · Open Design Alliance · Open Design Alliance Drawings Sdk

Name of the Vulnerable Software and Affected Versions: Open Design Alliance Drawings SDK versions prior to 2022.11 Description: A Use-After-Free Remote issue exists when reading a DWG file using the parsing functionality. The issue results from the lack of validating the existence of an object...

CVE-2021-43273

An Out-of-bounds Read vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.11. Crafted data in a DGN file and lack of verification of input data can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability t...

Open Design Alliance Drawings SDK 安全漏洞

Open Design Alliance Drawings SDK is a software development kit for drawing design applications from Open Design Alliance, Inc. The Open Design Alliance Drawings SDK contains a security vulnerability that results from an exception vulnerability in the sample The ODA Viewer continues to process...

Open Design Alliance Drawings SDK 缓冲区错误漏洞

Open Design Alliance Drawings SDK is a software development kit for drawing design applications from Open Design Alliance, USA. The SDK provides access to data in .dwg and .dgn through a convenient, object-oriented API, offering features such as a C++ API, support for repairing files, and .NET,...

CVE-2021-32940

An out-of-bounds read issue exists in the DWG file-recovering procedure in the Drawings SDK All versions prior to 2022.5 resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allow attackers to cause a denial-of-servi...

PT-2021-19993 · Unknown · Drawings Sdk

Name of the Vulnerable Software and Affected Versions: Drawings SDK versions prior to 2022.4 Description: An out-of-bounds write issue exists in the DWG file-reading procedure due to the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffe...

PT-2021-19983 · Unknown · Drawings Sdk

Name of the Vulnerable Software and Affected Versions: Drawings SDK versions prior to 2022.4 Description: The issue is due to the parsing of DWG files resulting from the lack of proper validation of user-supplied data, which can cause an out-of-bounds read. This allows attackers to cause a...

PT-2021-19994 · Unknown · Drawings Sdk

Name of the Vulnerable Software and Affected Versions: Drawings SDK versions prior to 2022.4 Description: An out-of-bounds read issue exists within the parsing of DXF files in the Drawings SDK, resulting from the lack of proper validation of user-supplied data. This can result in a read past the...

Open Design Alliance Drawings SDK 代码问题漏洞

Drawings is a development platform for desktop, mobile and web applications targeting .dwg and .dgn data.Drawings SDK is the Drawings Software Development Kit. A null pointer dereference vulnerability exists in Open Design Alliance Drawings SDK versions prior to 2021.11. An attacker can exploit...

Open Design Alliance Drawings SDK 缓冲区错误漏洞

Drawings is a development platform for desktop, mobile and web applications targeting .dwg and .dgn data.Drawings SDK is the Drawings Software Development Kit. A stack buffer overflow vulnerability exists in Open Design Alliance Drawings SDK versions prior to 2021.11. An attacker can exploit this...