VDB
CVE-2023-5180
PUBLISHED
CVSS 7.8 HIGH
An issue was discovered in Open Design Alliance Drawings SDK before 2024.12. A corrupted value for the number of sectors used by the Fat structure in a crafted DGN file leads to an out-of-bounds write. An attacker can leverage this vulnerability to execute code in the context of the current process.
EPSS 0.05% · 15.8th percentile
Risk Scores
CVSS 3.1
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
0.05%
15.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Open Design Alliance | ODA Drawings SDK - All Versions < 2024.12 | 0 |
| opendesign | drawings_sdk | 0 |
Exploit Intelligence
- CVE-2023-5180 LinuxServer.io Heimdall before 2.5.7 does not prevent use of icons that have non-image data such as the "<?php ?>" substring. (github-poc-repo)
- CVE-2023-5180 LinuxServer.io Heimdall before 2.5.7 does not prevent use of icons that have non-image data such as the "<?php ?>" substring. (github-poc)
…and 7 more exploits
Timeline
- Dec 26, 2023 CVE Published
- Dec 26, 2023 PoC Published
- Dec 27, 2023 EPSS Score
- Jan 25, 2024 EPSS Score
- Feb 23, 2024 EPSS Score
- Mar 22, 2024 EPSS Score
- Apr 20, 2024 EPSS Score
- May 19, 2024 EPSS Score
- Jun 17, 2024 EPSS Score
- Jul 15, 2024 EPSS Score
- Aug 13, 2024 EPSS Score
- Sep 11, 2024 EPSS Score
References
- https://cert-portal.siemens.com/productcert/html/ssa-856475.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-357412.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-720392.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-921449.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-068047.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-784301.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-716317.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-659443.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-087301.html advisory
- https://cert-portal.siemens.com/productcert/html/ssa-417547.html advisory
- https://www.opendesign.com/security-advisories vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-5180 advisory