First published: Sat Apr 15 2023
Parsing of DWG files in Open Design Alliance Drawings SDK before 2023.6 lacks proper validation of the length of user-supplied XRecord data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Opendesign Drawings Sdk | <2023.6 | |
The vulnerability ID for this issue is CVE-2023-22669.
The severity of CVE-2023-22669 is high, with a severity value of 7.8.
CVE-2023-22669 is a vulnerability in the parsing of DWG files in Open Design Alliance Drawings SDK before version 2023.6, which lacks proper validation of the length of user-supplied XRecord data, allowing an attacker to execute code in the context of the current process.
The Open Design Alliance Drawings SDK before version 2023.6 is affected by CVE-2023-22669.
To fix CVE-2023-22669, update to Open Design Alliance Drawings SDK version 2023.6 or later.
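The missing length check described above, shown as an added example that is not Open Design Alliance code: an unvalidated copy into a fixed-length heap buffer beside a length-validated one. The record layout (2-byte little-endian length, then payload), the 64-byte buffer size and all function names are assumptions made for illustration, not the DWG XRecord format.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define REC_BUF_SIZE 64u /* fixed-length heap buffer (constructed size) */
enum rec_status { REC_OK = 0, REC_TRUNCATED, REC_TOO_LONG, REC_NOMEM };

/* Constructed record layout: 2-byte little-endian length, then payload. */
static size_t declared_len(const uint8_t *in) {
    return (size_t)in[0] | ((size_t)in[1] << 8);
}

/* Flawed pattern: trusts the length field taken from the file. */
uint8_t *copy_record_unchecked(const uint8_t *in) {
    uint8_t *buf = malloc(REC_BUF_SIZE);
    if (buf != NULL)
        memcpy(buf, in + 2, declared_len(in)); /* overflows if len > 64 */
    return buf;
}

/* Hardened pattern: validate the length against both the input that is
 * actually present and the destination capacity before copying. */
enum rec_status copy_record_checked(const uint8_t *in, size_t in_len,
                                    uint8_t **out, size_t *out_len) {
    *out = NULL;
    *out_len = 0;
    if (in_len < 2)
        return REC_TRUNCATED;  /* no room for the length field */
    size_t len = declared_len(in);
    if (len > in_len - 2)
        return REC_TRUNCATED;  /* would read past the input */
    if (len > REC_BUF_SIZE)
        return REC_TOO_LONG;   /* would write past the heap buffer */
    uint8_t *buf = malloc(REC_BUF_SIZE);
    if (buf == NULL)
        return REC_NOMEM;
    memcpy(buf, in + 2, len);
    *out = buf;
    *out_len = len;
    return REC_OK;
}

int main(void) {
    uint8_t big[2 + 100] = {100, 0}; /* constructed: claims 100 bytes */
    uint8_t *out; size_t n;
    printf("status=%d\n", copy_record_checked(big, sizeof big, &out, &n));
    return 0;
}
```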