CVE-2021-44422

Published: Dic 21, 2021 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2021-31263 Aliases: GSD-2021-44422

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,8

Source: [email protected]

Attack Vector: local

Attack Complexity: low

Privileges Required: none

User Interaction: required

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: high

MEDIUM 6,8

Source: [email protected]

Access Vector: network

Access Complexity: medium

Authentication: none

Confidentiality: partial

Integrity: partial

Availability: partial

Description

AI Translation Available

An Improper Input Validation Vulnerability exists when reading a BMP file using Open Design Alliance Drawings SDK before 2022.12. Crafted data in a BMP file can trigger a write operation past the end of an allocated buffer, or lead to a heap-based buffer overflow. An attacker can leverage this vulnerability to execute code in the context of the current process.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0080

Percentile

0,7th

Updated

EPSS Score Trend (Last 90 Days)

Improper Input Validation

Stable

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Availability Confidentiality Integrity

Potential Impacts:

Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Read Memory Read Files Or Directories Modify Memory Execute Unauthorized Code Or Commands

Applicable Platforms

All platforms may be affected

Likelihood of Exploit: High

View CWE Details

787

Out-of-bounds Write

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Availability Other

Potential Impacts:

Modify Memory Execute Unauthorized Code Or Commands Dos: Crash, Exit, Or Restart Unexpected State

Applicable Platforms

Languages: Assembly, C, C++, Memory-Unsafe

Technologies: ICS/OT

Likelihood of Exploit: High

View CWE Details

Application

Drawings Sdk by Opendesign

Product Information

Vendor Opendesign

Product Drawings Sdk

Version Range Affected

To 2022.12 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:opendesign:drawings_sdk:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://www.opendesign.com/security-advisories

Vendor Advisory

https://www.opendesign.com/security-advisories

Vendor Advisory

https://www.opendesign.com/security-advisories

CVE-2021-44422

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 90 Days)

Improper Input Validation

Common Consequences

Applicable Platforms

Out-of-bounds Write

Common Consequences

Applicable Platforms

Drawings Sdk by Opendesign

Product Information

Iscriviti alla newsletter