CVE-2024-8894

Published Dec 4, 2024

Last updated 3 months ago

CVSS high 8.1

Overview

Description
Out-of-bounds Write vulnerability was discovered in Open Design Alliance Drawings SDK before 2025.10. Reading crafted DWF file and missing proper checks on received SectionIterator data can trigger an unhandled exception. This can allow attackers to cause a crash, potentially enabling a denial-of-service attack (Crash, Exit, or Restart) or possible code execution.
Source
8a9629cb-c5e7-4d2a-a894-111e8039b7ea
NVD status
Received

Risk scores

CVSS 4.0

Type
Secondary
Base score
8.1
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

Weaknesses

8a9629cb-c5e7-4d2a-a894-111e8039b7ea
CWE-787

Social media

Hype score
Not currently trending

  1. CVE-2024-8894 Out-of-bounds Write vulnerability was discovered in Open Design Alliance Drawings SDK before 2025.10. Reading crafted DWF file and missing proper checks on received Sec… https://t.co/rGlhqyLvS4

    @CVEnew

    4 Dec 2024

    463 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

References