CVE-2022-28808

{"id": "CVE-2022-28808", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2022-07-17T23:15:08.573", "references": [{"url": "https://www.opendesign.com/security-advisories", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. An Out-of-Bounds Read vulnerability exists when reading DWG files in a recovery mode. An attacker can leverage this vulnerability to execute code in the context of the current process."}, {"lang": "es", "value": "Se ha detectado un problema en Open Design Alliance Drawings SDK versiones anteriores a 2023.3. Se presenta una vulnerabilidad de lectura fuera de l\u00edmites cuando se leen archivos DWG en modo de recuperaci\u00f3n. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual"}], "lastModified": "2022-07-25T14:56:11.887", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opendesign:drawings_sdk:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8AC10824-B014-4128-9C43-161838056F9C", "versionEndExcluding": "2023.3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}