ZDI-23-135: Open Design Alliance (ODA) Drawing SDK DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Open Design Alliance (ODA) Drawing SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

alliance attackers design disclosure drawing dwg exploit file information information disclosure information disclosure vulnerability malicious out-of-bounds page parsing sdk sensitive sensitive information target vulnerability zdi