CVE-2022-28807

{"id": "CVE-2022-28807", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2022-07-17T23:15:08.530", "references": [{"url": "https://www.opendesign.com/security-advisories", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Open Design Alliance Drawings SDK before 2023.2. An Out-of-Bounds Read vulnerability exists when rendering a .dwg file after it's opened in the recovery mode. An attacker can leverage this vulnerability to execute code in the context of the current process."}, {"lang": "es", "value": "Se ha detectado un problema en Open Design Alliance Drawings SDK anterior a 2023.2. Se presenta una vulnerabilidad de lectura fuera de l\u00edmites cuando es renderizado un archivo .dwg despu\u00e9s de abrirlo en el modo de recuperaci\u00f3n. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual"}], "lastModified": "2022-07-25T15:13:50.357", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opendesign:drawings_sdk:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "989FF002-B5A3-4339-B60F-B9EEB3FBDF1D", "versionEndExcluding": "2023.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}