Vulnerability Description
A stack-based buffer overflow vulnerability exists in the DWF file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of proper validation of the length of user-supplied data before copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opendesign | Drawings Software Development Kit | < 2022.8 |
Related Weaknesses (CWE)
References
- https://www.opendesign.com/security-advisoriesVendor Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-21-1340/Third Party AdvisoryVDB Entry
- https://www.zerodayinitiative.com/advisories/ZDI-21-1341/Third Party AdvisoryVDB Entry
- https://www.zerodayinitiative.com/advisories/ZDI-21-1342/Third Party AdvisoryVDB Entry
- https://www.zerodayinitiative.com/advisories/ZDI-21-1343/Third Party AdvisoryVDB Entry
- https://www.zerodayinitiative.com/advisories/ZDI-21-1345/Third Party AdvisoryVDB Entry
- https://www.zerodayinitiative.com/advisories/ZDI-21-1355/Third Party AdvisoryVDB Entry
- https://www.zerodayinitiative.com/advisories/ZDI-21-1356/Third Party AdvisoryVDB Entry
- https://www.opendesign.com/security-advisoriesVendor Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-21-1340/Third Party AdvisoryVDB Entry
- https://www.zerodayinitiative.com/advisories/ZDI-21-1341/Third Party AdvisoryVDB Entry
- https://www.zerodayinitiative.com/advisories/ZDI-21-1342/Third Party AdvisoryVDB Entry
- https://www.zerodayinitiative.com/advisories/ZDI-21-1343/Third Party AdvisoryVDB Entry
- https://www.zerodayinitiative.com/advisories/ZDI-21-1345/Third Party AdvisoryVDB Entry
- https://www.zerodayinitiative.com/advisories/ZDI-21-1355/Third Party AdvisoryVDB Entry
FAQ
What is CVE-2021-43280?
CVE-2021-43280 is a vulnerability with a CVSS score of 7.8 (HIGH). A stack-based buffer overflow vulnerability exists in the DWF file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of proper validation of the len...
How severe is CVE-2021-43280?
CVE-2021-43280 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-43280?
Check the references section above for vendor advisories and patch information. Affected products include: Opendesign Drawings Software Development Kit.