First published: Sat Jan 15 2022
Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files. Unchecked input data from a crafted JPG file leads to memory corruption. An attacker can leverage this vulnerability to execute code in the context of the current process.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Opendesign Drawings Software Development Kit | <2021.12.1 | |
CVE-2022-23095 is a vulnerability in the Open Design Alliance Drawings SDK that allows for memory corruption and potential code execution when loading crafted JPG files.
CVE-2022-23095 affects Open Design Alliance Drawings SDK versions before 2022.12.1 and can be exploited by an attacker to execute code within the current process.
CVE-2022-23095 has a severity rating of 7.8 (high).
An attacker can exploit CVE-2022-23095 by providing a specially crafted JPG file that contains unchecked input data, resulting in memory corruption and potentially allowing code execution.
To mitigate CVE-2022-23095, it is recommended to update to Open Design Alliance Drawings SDK version 2022.12.1 or later, which addresses the vulnerability.