Lucene search
+L

25 matches found

ICS
ICS
added 2025/08/12 12:0 a.m.6 views

Siemens COMOS

SUMMARY COMOS before V10.6 is affected by a local arbitrary code execution vulnerability in the integrated Open Design Alliance Drawings SDK. Siemens has released a new version for COMOS and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general security measure,...

8.1CVSS8AI score0.00192EPSS
Exploits0References10
OSV
OSV
added 2023/04/15 1:15 a.m.5 views

CVE-2023-22669

Parsing of DWG files in Open Design Alliance Drawings SDK before 2023.6 lacks proper validation of the length of user-supplied XRecord data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process...

7.8CVSS6AI score0.00315EPSS
Exploits0References1
OSV
OSV
added 2023/04/10 8:15 p.m.5 views

CVE-2023-26495

An issue was discovered in Open Design Alliance Drawings SDK before 2024.1. A crafted DWG file can force the SDK to reuse an object that has been freed. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code...

7.8CVSS6.5AI score0.0044EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/02/09 12:0 a.m.5 views

PT-2023-6728 · Open Design Alliance · Open Design Alliance Drawings Sdk

Name of the Vulnerable Software and Affected Versions: Open Design Alliance Drawings SDK versions prior to 2023.6 Description: The issue is related to a heap-based buffer overflow in the parsing of DWG files. This occurs due to a lack of proper validation of the length of user-supplied XRecord da...

7.8CVSS7.7AI score0.00315EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2022/07/17 11:15 p.m.3 views

CVE-2022-28807

An issue was discovered in Open Design Alliance Drawings SDK before 2023.2. An Out-of-Bounds Read vulnerability exists when rendering a .dwg file after it's opened in the recovery mode. An attacker can leverage this vulnerability to execute code in the context of the current process...

7.8CVSS7.3AI score0.00414EPSS
Exploits0References2
OSV
OSV
added 2022/01/15 3:17 p.m.5 views

CVE-2022-23095

Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files. Unchecked input data from a crafted JPG file leads to memory corruption. An attacker can leverage this vulnerability to execute code in the context of the current process...

7.8CVSS5.9AI score0.01127EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/12/21 7:15 p.m.4 views

CVE-2021-44859

An out-of-bounds read vulnerability exists when reading a TGA file using Open Design Alliance Drawings SDK before 2022.12. The specific issue exists after loading TGA files. An unchecked input data from a crafted TGA file leads to an out-of-bounds read. An attacker can leverage this vulnerability...

7.8CVSS6.5AI score0.00817EPSS
Exploits0References2
OSV
OSV
added 2021/12/05 9:15 p.m.3 views

CVE-2021-44047

A use-after-free vulnerability exists when reading a DWF/DWFX file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing DWF/DWFX files. Crafted data in a DWF/DWFX file and lack of proper validation of input data can trigger a write operation past the end ...

7.8CVSS6AI score0.00855EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/12/05 9:15 p.m.2 views

CVE-2021-44047

A use-after-free vulnerability exists when reading a DWF/DWFX file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing DWF/DWFX files. Crafted data in a DWF/DWFX file and lack of proper validation of input data can trigger a write operation past the end ...

7.8CVSS6.8AI score0.00855EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/12/05 9:15 p.m.4 views

CVE-2021-44045

An out-of-bounds write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation for the XFAT sectors count can trigger a write operation...

7.8CVSS7.2AI score0.00814EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/12/05 9:15 p.m.3 views

CVE-2021-44044

An out-of-bounds write vulnerability exists when reading a JPG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing JPG files. Crafted data in a JPG 4 extraneous bytes before the marker 0xca can trigger a write operation past the end of an allocated...

7.8CVSS7.2AI score0.00814EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/11/29 12:0 a.m.5 views

Open Design Alliance Drawings SDK 缓冲区错误漏洞

Open Design Alliance Drawings SDK is a software development kit for drawing design applications from Open Design Alliance, Inc. The SDK provides easy, object-oriented API access to data in .dwg and .dgn, C API, file repair support, support for . code execution...

7.8CVSS5.7AI score0.00814EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2021/11/29 12:0 a.m.9 views

PT-2021-24031 · Open Design Alliance · Open Design Alliance Drawings Sdk

Name of the Vulnerable Software and Affected Versions: Open Design Alliance Drawings SDK versions prior to 2022.11 Description: The issue exists within the parsing of DGN files, where crafted data and a lack of proper validation for the XFAT sectors count can trigger a write operation past the en...

7.8CVSS7.7AI score0.00814EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2021/11/16 12:0 a.m.7 views

PT-2021-23886 · Open Design Alliance · Open Design Alliance Drawings Sdk

Name of the Vulnerable Software and Affected Versions: Open Design Alliance Drawings SDK versions prior to 2022.11 Description: A Use-After-Free Remote issue exists when reading a DWG file using the parsing functionality. The issue results from the lack of validating the existence of an object...

7.8CVSS7.6AI score0.01339EPSS
Exploits0References7
CNNVD
CNNVD
added 2021/11/16 12:0 a.m.8 views

Open Design Alliance Drawings SDK 缓冲区错误漏洞

Open Design Alliance Drawings SDK is a software development kit for drawing design applications from Open Design Alliance, Inc. The SDK provides access to data in .dwg and .dgn through a convenient, object-oriented API that provides a C API, support for repair files, support for . The vulnerabili...

8.8CVSS5.9AI score0.01201EPSS
Exploits0References3
OSV
OSV
added 2021/11/14 9:15 p.m.5 views

CVE-2021-43273

An Out-of-bounds Read vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.11. Crafted data in a DGN file and lack of verification of input data can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability t...

3.3CVSS5.9AI score0.01405EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2021/11/14 9:15 p.m.2 views

CVE-2021-43280

A stack-based buffer overflow vulnerability exists in the DWF file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of proper validation of the length of user-supplied data before copying it to a stack-based buffer. An attacker can leverage thi...

7.8CVSS7.6AI score0.01837EPSS
Exploits0References9
CNNVD
CNNVD
added 2021/11/14 12:0 a.m.8 views

Open Design Alliance Drawings SDK 安全漏洞

Open Design Alliance Drawings SDK is a software development kit for drawing design applications from Open Design Alliance, Inc. The Open Design Alliance Drawings SDK contains a security vulnerability that results from an exception vulnerability in the sample The ODA Viewer continues to process...

9.8CVSS6AI score0.03517EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/11/10 12:0 a.m.6 views

Open Design Alliance Drawings SDK 缓冲区错误漏洞

Open Design Alliance Drawings SDK is a software development kit for drawing design applications from Open Design Alliance, USA. The SDK provides access to data in .dwg and .dgn through a convenient, object-oriented API, offering features such as a C++ API, support for repairing files, and .NET,...

4.3CVSS4.9AI score0.01405EPSS
Exploits0References8
OSV
OSV
added 2021/06/17 1:15 p.m.4 views

CVE-2021-32940

An out-of-bounds read issue exists in the DWG file-recovering procedure in the Drawings SDK All versions prior to 2022.5 resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allow attackers to cause a denial-of-servi...

7.1CVSS7.2AI score0.0205EPSS
Exploits0References4
Rows per page
Query Builder