First published: Sat Apr 15 2023
A heap-based buffer overflow exists in the DXF file reading procedure in Open Design Alliance Drawings SDK before 2023.6. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of the length of user-supplied XRecord data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Opendesign Drawings Sdk | <2023.6 | |
The vulnerability ID CVE-2023-22670 refers to a heap-based buffer overflow in the DXF file reading procedure in Open Design Alliance Drawings SDK.
The severity of the vulnerability CVE-2023-22670 is high with a CVSS score of 7.8.
The software affected by CVE-2023-22670 is Open Design Alliance Drawings SDK before version 2023.6.
The Common Weakness Enumeration (CWE) IDs for CVE-2023-22670 are CWE-119 and CWE-787.
To fix the vulnerability CVE-2023-22670, it is recommended to update the Open Design Alliance Drawings SDK to version 2023.6 or higher.