First published: Mon Nov 22 2021(Updated: )
A Use-After-Free Remote Vulnerability exists when reading a DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Opendesign Drawings Sdk | <2022.11 | |
Open Design Alliance (ODA) Drawings Explorer |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Open Design Alliance (ODA) Drawings Explorer vulnerability is CVE-2021-43582.
The severity of CVE-2021-43582 is high, with a severity value of 7.8.
Remote attackers can exploit CVE-2021-43582 by executing arbitrary code on affected installations of Open Design Alliance (ODA) Drawings Explorer, requiring user interaction through visiting a malicious page or opening a malicious file.
Open Design Alliance (ODA) Drawings Explorer and Opendesign Drawings SDK are affected by CVE-2021-43582.
More information about CVE-2021-43582 can be found on the Open Design Alliance (ODA) security advisories page and the Zero Day Initiative advisories page.