CVE-2024-8894

Severity CVSS v4.0:

HIGH

Type:

CWE-787 Out-of-bounds Write

Publication date:

04/12/2024

Last modified:

04/12/2024

Description

Out-of-bounds Write vulnerability was discovered in Open Design Alliance Drawings SDK before 2025.10. Reading crafted DWF file and missing proper checks on received SectionIterator data can trigger an unhandled exception. This can allow attackers to cause a crash, potentially enabling a denial-of-service attack (Crash, Exit, or Restart) or possible code execution.

Impact

Vector 4.0

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:H CVSS v4.0 Severity and Metrics:

Base Score: 8.10 HIGH
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Attack Requirements (AT): None
Privileges Required (PR): None
User Interaction (UI): Active
Confidentiality (VC): High
Integrity (VI): None
Availability (VA): High
Confidentiality (SC): None
Integrity (SI): None
Availability (SA): High

Base Score 4.0

8.10

Severity 4.0

HIGH

References to Advisories, Solutions, and Tools

https://www.opendesign.com/security-advisories