CVE-2021-32938

Published: 06/17/2021 13:15:07

Drawings SDK (All versions prior to 2022.4) are vulnerable to an out-of-bounds read due to parsing of DWG files resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of service condition or read sensitive information from memory.

HIGH
CVSS v3: 7.1

Status

DocFilters Release	Package	State	Justification	Comment
25.1	oda (2023.4)	Not Affected	Code Not Present	2023.4 does not match CVE configuration.
24.4	oda (2023.4)	Not Affected	Code Not Present	2023.4 does not match CVE configuration.
24.4.0	oda (2023.4)	Not Affected	Code Not Present	2023.4 does not match CVE configuration.
24.3	oda (2023.4)	Not Affected	Code Not Present	2023.4 does not match CVE configuration.
24.2.1	oda (2023.4)	Not Affected	Code Not Present	2023.4 does not match CVE configuration.
24.2	oda (2023.4)	Not Affected	Code Not Present	2023.4 does not match CVE configuration.
24.1	oda (2023.4)	Not Affected	Code Not Present	2023.4 does not match CVE configuration.
23.3	oda (2023.4)	Not Affected	Code Not Present	2023.4 does not match CVE configuration.
23.2.1	oda (2023.4)	Not Affected	Code Not Present	2023.4 does not match CVE configuration.
23.2	oda (2023.4)	Not Affected	Code Not Present	2023.4 does not match CVE configuration.
23.1	oda (2023.4)	Not Affected	Code Not Present	2023.4 does not match CVE configuration.
22.4	oda (2023.4)	Not Affected	Code Not Present	2023.4 does not match CVE configuration.
22.3	oda (2023.4)	Not Affected	Code Not Present	2023.4 does not match CVE configuration.

Severity score breakdown

Attack Complexity

LOW

Attack Vector

LOCAL

Availability Impact

HIGH

Base Score

7.1

Base Severity

HIGH

Confidentiality Impact

HIGH

Integrity Impact

NONE

Privileges Required

NONE

Scope

UNCHANGED

User Interaction

REQUIRED

Vector String

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Version

3.1

References

NVD
MITRE