Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A use-after-free vulnerability exists when reading a DWF/DWFX file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing DWF/DWFX files. Crafted data in a DWF/DWFX file and lack of proper validation of input data can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Open Design Alliance Drawings SDK 资源管理错误漏洞
Vulnerability Description
Open Design Alliance Drawings SDK是美国Open Design Alliance公司的一款应用于图纸设计的软件开发包。该开发包通过方便的,面向对象的API访问.dwg和.dgn中的数据,提供C++API、支持修复文件、.NET,JAVA,Python开发语言的支持等功能。 Open Design Alliance Drawings SDK 存在安全漏洞,该漏洞源于在对对象执行操作之前未验证对象的存在而导致的。攻击者可以利用此漏洞和其他漏洞在当前进程的上下文中执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A