CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-22669

Parsing of DWG files in Open Design Alliance Drawings SDK before 2023.6 lacks proper validation of the length of user-supplied XRecord data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 15.6%

CVSS Severity

CVSS v3 Score 7.8

References

Products affected by CVE-2023-22669

Opendesign » Drawings Sdk » Version: N/A

cpe:2.3:a:opendesign:drawings_sdk:-
Opendesign » Drawings Sdk » Version: 2019

cpe:2.3:a:opendesign:drawings_sdk:2019
Opendesign » Drawings Sdk » Version: 2021.11

cpe:2.3:a:opendesign:drawings_sdk:2021.11
Opendesign » Drawings Sdk » Version: 2021.12

cpe:2.3:a:opendesign:drawings_sdk:2021.12
Opendesign » Drawings Sdk » Version: 2022.11

cpe:2.3:a:opendesign:drawings_sdk:2022.11
Opendesign » Drawings Sdk » Version: 2022.12

cpe:2.3:a:opendesign:drawings_sdk:2022.12
Opendesign » Drawings Sdk » Version: 2023.2

cpe:2.3:a:opendesign:drawings_sdk:2023.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-22669

Products

Pricing

Contact Us