CVE-2021-32940

Published: 06/17/2021 13:15:07

An out-of-bounds read issue exists in the DWG file-recovering procedure in the Drawings SDK (All versions prior to 2022.5) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or read sensitive information from memory locations.

HIGH
CVSS v3: 7.1

Status

DocFilters Release	Package	State	Justification	Comment
25.1	oda (2023.4)	Not Affected	Code Not Present	2023.4 does not match CVE configuration.
24.4	oda (2023.4)	Not Affected	Code Not Present	2023.4 does not match CVE configuration.
24.4.0	oda (2023.4)	Not Affected	Code Not Present	2023.4 does not match CVE configuration.
24.3	oda (2023.4)	Not Affected	Code Not Present	2023.4 does not match CVE configuration.
24.2.1	oda (2023.4)	Not Affected	Code Not Present	2023.4 does not match CVE configuration.
24.2	oda (2023.4)	Not Affected	Code Not Present	2023.4 does not match CVE configuration.
24.1	oda (2023.4)	Not Affected	Code Not Present	2023.4 does not match CVE configuration.
23.3	oda (2023.4)	Not Affected	Code Not Present	2023.4 does not match CVE configuration.
23.2.1	oda (2023.4)	Not Affected	Code Not Present	2023.4 does not match CVE configuration.
23.2	oda (2023.4)	Not Affected	Code Not Present	2023.4 does not match CVE configuration.
23.1	oda (2023.4)	Not Affected	Code Not Present	2023.4 does not match CVE configuration.
22.4	oda (2023.4)	Not Affected	Code Not Present	2023.4 does not match CVE configuration.
22.3	oda (2023.4)	Not Affected	Code Not Present	2023.4 does not match CVE configuration.

Severity score breakdown

Attack Complexity

LOW

Attack Vector

LOCAL

Availability Impact

HIGH

Base Score

7.1

Base Severity

HIGH

Confidentiality Impact

HIGH

Integrity Impact

NONE

Privileges Required

NONE

Scope

UNCHANGED

User Interaction

REQUIRED

Vector String

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Version

3.1

References

NVD
MITRE