Description
A vulnerability exists in the file reading procedure in Open Design Alliance Drawings SDK 2019Update1 on non-Windows platforms in which attackers could perform read operations past the end, or before the beginning, of the intended buffer. This can allow attackers to obtain sensitive information from process memory or cause a crash.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/105603
Vendor Advisory x_refsource_confirm
https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Vendor Advisory x_refsource_confirm
https://www.opendesign.com/security-advisories
Scores
CVSS v3
8.1
EPSS
0.0096
EPSS Percentile
76.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Details
CWE
CWE-125
Status
published
Products (3)
opendesign/drawings_sdk
2019 update1
oracle/outside_in_technology
8.5.3
oracle/outside_in_technology
8.5.4
Published
Oct 19, 2018
Tracked Since
Feb 18, 2026