Out-of-bounds Read Vulnerability in Open Design Alliance ODA Viewer (2022.8) Allows Arbitrary Code Execution

Out-of-bounds Read Vulnerability in Open Design Alliance ODA Viewer (2022.8) Allows Arbitrary Code Execution

CVE-2021-43276 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

An Out-of-bounds Read vulnerability exists in Open Design Alliance ODA Viewer before 2022.8. Crafted data in a DWF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process

Learn more about our Web Application Penetration Testing UK.