CVE-2021-25175

 

Published at: - 18-01-2021 09:15

Last modified: - 08-04-2022 03:20

Total changes: - 11

Description

An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Conversion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart).

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

 

Verification logic

 

Reference

• https://www.opendesign.com/security-advisories
• https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf
• https://www.zerodayinitiative.com/advisories/ZDI-21-218/
• https://www.zerodayinitiative.com/advisories/ZDI-21-245/
• https://www.zerodayinitiative.com/advisories/ZDI-21-223/
• https://www.zerodayinitiative.com/advisories/ZDI-21-244/
• https://www.zerodayinitiative.com/advisories/ZDI-21-246/
• https://www.zerodayinitiative.com/advisories/ZDI-21-224/
• https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf

 

Keywords

NVD

 

CVE-2021-25175

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures