Siemens COMOS

SUMMARY COMOS before V10.6 is affected by a local arbitrary code execution vulnerability in the integrated Open Design Alliance Drawings SDK. Siemens has released a new version for COMOS and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general security measure,...

CVE-2023-22669

Parsing of DWG files in Open Design Alliance Drawings SDK before 2023.6 lacks proper validation of the length of user-supplied XRecord data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process...

CVE-2023-26495

An issue was discovered in Open Design Alliance Drawings SDK before 2024.1. A crafted DWG file can force the SDK to reuse an object that has been freed. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code...

PT-2023-6728 · Open Design Alliance · Open Design Alliance Drawings Sdk

Name of the Vulnerable Software and Affected Versions: Open Design Alliance Drawings SDK versions prior to 2023.6 Description: The issue is related to a heap-based buffer overflow in the parsing of DWG files. This occurs due to a lack of proper validation of the length of user-supplied XRecord da...

CVE-2022-28807

An issue was discovered in Open Design Alliance Drawings SDK before 2023.2. An Out-of-Bounds Read vulnerability exists when rendering a .dwg file after it's opened in the recovery mode. An attacker can leverage this vulnerability to execute code in the context of the current process...

CVE-2022-23095

Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files. Unchecked input data from a crafted JPG file leads to memory corruption. An attacker can leverage this vulnerability to execute code in the context of the current process...

CVE-2021-44047

A use-after-free vulnerability exists when reading a DWF/DWFX file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing DWF/DWFX files. Crafted data in a DWF/DWFX file and lack of proper validation of input data can trigger a write operation past the end ...

Open Design Alliance Drawings SDK 缓冲区错误漏洞

Open Design Alliance Drawings SDK is a software development kit for drawing design applications from Open Design Alliance, Inc. The SDK provides easy, object-oriented API access to data in .dwg and .dgn, C API, file repair support, support for . code execution...

PT-2021-24031 · Open Design Alliance · Open Design Alliance Drawings Sdk

Name of the Vulnerable Software and Affected Versions: Open Design Alliance Drawings SDK versions prior to 2022.11 Description: The issue exists within the parsing of DGN files, where crafted data and a lack of proper validation for the XFAT sectors count can trigger a write operation past the en...

PT-2021-23886 · Open Design Alliance · Open Design Alliance Drawings Sdk

Name of the Vulnerable Software and Affected Versions: Open Design Alliance Drawings SDK versions prior to 2022.11 Description: A Use-After-Free Remote issue exists when reading a DWG file using the parsing functionality. The issue results from the lack of validating the existence of an object...

Open Design Alliance Drawings SDK 缓冲区错误漏洞

Open Design Alliance Drawings SDK is a software development kit for drawing design applications from Open Design Alliance, Inc. The SDK provides access to data in .dwg and .dgn through a convenient, object-oriented API that provides a C API, support for repair files, support for . The vulnerabili...

CVE-2021-43273

An Out-of-bounds Read vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.11. Crafted data in a DGN file and lack of verification of input data can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability t...

Open Design Alliance Drawings SDK 安全漏洞

Open Design Alliance Drawings SDK is a software development kit for drawing design applications from Open Design Alliance, Inc. The Open Design Alliance Drawings SDK contains a security vulnerability that results from an exception vulnerability in the sample The ODA Viewer continues to process...

Open Design Alliance Drawings SDK 缓冲区错误漏洞

Open Design Alliance Drawings SDK is a software development kit for drawing design applications from Open Design Alliance, USA. The SDK provides access to data in .dwg and .dgn through a convenient, object-oriented API, offering features such as a C++ API, support for repairing files, and .NET,...

CVE-2021-32940

An out-of-bounds read issue exists in the DWG file-recovering procedure in the Drawings SDK All versions prior to 2022.5 resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allow attackers to cause a denial-of-servi...

PT-2021-19983 · Unknown · Drawings Sdk

Name of the Vulnerable Software and Affected Versions: Drawings SDK versions prior to 2022.4 Description: The issue is due to the parsing of DWG files resulting from the lack of proper validation of user-supplied data, which can cause an out-of-bounds read. This allows attackers to cause a...

PT-2021-19993 · Unknown · Drawings Sdk

Name of the Vulnerable Software and Affected Versions: Drawings SDK versions prior to 2022.4 Description: An out-of-bounds write issue exists in the DWG file-reading procedure due to the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffe...

PT-2021-19994 · Unknown · Drawings Sdk

Name of the Vulnerable Software and Affected Versions: Drawings SDK versions prior to 2022.4 Description: An out-of-bounds read issue exists within the parsing of DXF files in the Drawings SDK, resulting from the lack of proper validation of user-supplied data. This can result in a read past the...

Open Design Alliance Drawings SDK 代码问题漏洞

Drawings is a development platform for desktop, mobile and web applications targeting .dwg and .dgn data.Drawings SDK is the Drawings Software Development Kit. A null pointer dereference vulnerability exists in Open Design Alliance Drawings SDK versions prior to 2021.11. An attacker can exploit...

Open Design Alliance Drawings SDK 缓冲区错误漏洞

Drawings is a development platform for desktop, mobile and web applications targeting .dwg and .dgn data.Drawings SDK is the Drawings Software Development Kit. A stack buffer overflow vulnerability exists in Open Design Alliance Drawings SDK versions prior to 2021.11. An attacker can exploit this...