CVE-2024-8894

Out-of-bounds Write vulnerability was discovered in Open Design Alliance Drawings SDK before 2025.10. Reading crafted DWF file and missing proper checks on received SectionIterator data can trigger an unhandled exception. This can allow attackers to cause a crash, potentially enabling a denial-of-service attack (Crash, Exit, or Restart) or possible code execution.

CVSS

No CVSS.

References

Link	Resource
https://www.opendesign.com/security-advisories

Configurations

No configuration.

History

No history.

Information

Published : 2024-12-04 12:15

Updated : 2024-12-04 12:15

NVD link : CVE-2024-8894

Mitre link : CVE-2024-8894

CVE.ORG link : CVE-2024-8894

JSON object : View

Products Affected

No product.

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2024-8894", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "8a9629cb-c5e7-4d2a-a894-111e8039b7ea", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.1, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2024-12-04T12:15:20.763", "references": [{"url": "https://www.opendesign.com/security-advisories", "source": "8a9629cb-c5e7-4d2a-a894-111e8039b7ea"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "8a9629cb-c5e7-4d2a-a894-111e8039b7ea", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Out-of-bounds Write\u00a0vulnerability was discovered in Open Design Alliance Drawings SDK before 2025.10. Reading crafted DWF file and missing proper checks on received SectionIterator data can trigger an unhandled exception. This can allow attackers to cause a crash, potentially enabling a denial-of-service attack (Crash, Exit, or Restart) or possible code execution."}, {"lang": "es", "value": " Se descubri\u00f3 una vulnerabilidad de escritura fuera de los l\u00edmites en Open Design Alliance Drawings SDK antes de la versi\u00f3n 2025.10. La lectura de un archivo DWF creado y la omisi\u00f3n de las comprobaciones adecuadas en los datos de SectionIterator recibidos pueden desencadenar una excepci\u00f3n no controlada. Esto puede permitir que los atacantes provoquen un bloqueo, lo que podr\u00eda permitir un ataque de denegaci\u00f3n de servicio (bloqueo, salida o reinicio) o una posible ejecuci\u00f3n de c\u00f3digo."}], "lastModified": "2024-12-04T12:15:20.763", "sourceIdentifier": "8a9629cb-c5e7-4d2a-a894-111e8039b7ea"}

CVE-2024-8894

JSON object

Attach tags to CVE-2024-8894

Attach tags to `CVE-2024-8894`