CVE-2023-22669

CVSS V2 None CVSS V3 None
Description
Parsing of DWG files in Open Design Alliance Drawings SDK before 2023.6 lacks proper validation of the length of user-supplied XRecord data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
Overview
  • CVE ID
  • CVE-2023-22669
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-04-15T01:15:06
  • Last Modified Date
  • 2023-04-25T16:16:53
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:opendesign:drawings_sdk:*:*:*:*:*:*:*:* 1 OR 2023.6
References
Reference URL Reference Tags
https://www.opendesign.com/security-advisories
History
Created Old Value New Value Data Type Notes
2023-04-17 04:46:03 Added to TrackCVE
2023-04-21 11:00:46 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-04-25 17:00:47 2023-04-25T16:16:53 CVE Modified Date updated
2023-04-25 17:00:48 Undergoing Analysis Analyzed Vulnerability Status updated
2023-04-25 17:00:49 Weakness Enumeration new
2023-04-25 17:00:52 CPE Information updated