First published: Sun Nov 14 2021(Updated: )
A Use After Free Vulnerability exists in the Open Design Alliance Drawings SDK before 2022.11. The specific flaw exists within the parsing of DWF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Opendesign Drawings Software Development Kit | <2022.11 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-43274 is a Use After Free vulnerability that exists in the Open Design Alliance Drawings SDK before version 2022.11.
The vulnerability in CVE-2021-43274 occurs due to the lack of validating the existence of an object prior to performing operations on the object during parsing of DWF files in the Open Design Alliance Drawings SDK.
The severity of CVE-2021-43274 is high with a severity value of 7.8.
The Open Design Alliance Drawings SDK before version 2022.11 is affected by CVE-2021-43274.
An attacker can exploit CVE-2021-43274 by leveraging the Use After Free vulnerability in the Open Design Alliance Drawings SDK to execute arbitrary code or cause a denial of service.