7.8
CWE
787
Advisory Published
Updated

CVE-2022-23095

First published: Sat Jan 15 2022(Updated: )

Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files. Unchecked input data from a crafted JPG file leads to memory corruption. An attacker can leverage this vulnerability to execute code in the context of the current process.

Credit: cve@mitre.org cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Opendesign Drawings Software Development Kit<2021.12.1

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is CVE-2022-23095?

    CVE-2022-23095 is a vulnerability in the Open Design Alliance Drawings SDK that allows for memory corruption and potential code execution when loading crafted JPG files.

  • How does CVE-2022-23095 affect Open Design Alliance Drawings SDK?

    CVE-2022-23095 affects Open Design Alliance Drawings SDK versions before 2022.12.1 and can be exploited by an attacker to execute code within the current process.

  • What is the severity of CVE-2022-23095?

    CVE-2022-23095 has a severity rating of 7.8 (high).

  • How can an attacker exploit CVE-2022-23095?

    An attacker can exploit CVE-2022-23095 by providing a specially crafted JPG file that contains unchecked input data, resulting in memory corruption and potentially allowing code execution.

  • How can I mitigate CVE-2022-23095?

    To mitigate CVE-2022-23095, it is recommended to update to Open Design Alliance Drawings SDK version 2022.12.1 or later, which addresses the vulnerability.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203