GSD-2023-22670 — Vulnetix

GSD-2023-22670 PUBLISHED CVSS 7.800000190734863 HIGH

A heap-based buffer overflow exists in the DXF file reading procedure in Open Design Alliance Drawings SDK before 2023.6. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of the length of user-supplied XRecord data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

Risk Scores

CVSS v3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a

Timeline

Oct 5, 2023 PoC Published
Apr 28, 2025 PoC Published
Apr 22, 2026 CVE Published

References

https://www.opendesign.com/security-advisories url

Open in Interactive Console →