CVE-2023-22670

HIGH

Open Design Alliance Drawings SDK < 2023.6 - Heap-Based Buffer Overflow in DXF File Parser


Description

A heap-based buffer overflow exists in the DXF file reading procedure in Open Design Alliance Drawings SDK before 2023.6. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of the length of user-supplied XRecord data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

Scores

CVSS v3 7.8
EPSS 0.0022
EPSS Percentile 12.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-787
Status published
Products (1)
opendesign/drawings_sdk < 2023.6
Published Apr 15, 2023
Tracked Since Feb 18, 2026