CVE-2024-8894
HIGHOpen Design Alliance Drawings SDK <2025.10 - Memory Corruption
Title source: llmDescription
Out-of-bounds Write vulnerability was discovered in Open Design Alliance Drawings SDK before 2025.10. Reading crafted DWF file and missing proper checks on received SectionIterator data can trigger an unhandled exception. This can allow attackers to cause a crash, potentially enabling a denial-of-service attack (Crash, Exit, or Restart) or possible code execution.
References (1)
Core 1
Core References
Various Sources
https://www.opendesign.com/security-advisories
Scores
CVSS v4
8.1
EPSS
0.0019
EPSS Percentile
9.0%
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-787
Status
published
Products (1)
Open Design Alliance/ODA Drawings SDK - All Versions < 2025.10
< 2025.10
Published
Dec 04, 2024
Tracked Since
Feb 18, 2026