opendesign CVE Vulnerabilities & Metrics

Focus on opendesign vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About opendesign Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with opendesign. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total opendesign CVEs: 36
Earliest CVE date: 19 Oct 2018, 22:29 UTC
Latest CVE date: 26 Dec 2023, 09:15 UTC

Latest CVE reference: CVE-2023-5180

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -100.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -100.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical opendesign CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 5.08

Max CVSS: 6.8

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range Count
0.0-3.9 8
4.0-6.9 28
7.0-8.9 0
9.0-10.0 0

CVSS Distribution Chart

Top 5 Highest CVSS opendesign CVEs

These are the five CVEs with the highest CVSS scores for opendesign, sorted by severity first and recency.

All CVEs for opendesign

CVE-2023-5180 opendesign vulnerability CVSS: 0 26 Dec 2023, 09:15 UTC

An issue was discovered in Open Design Alliance Drawings SDK before 2024.12. A corrupted value of number of sectors used by the Fat structure in a crafted DGN file leads to an out-of-bounds write. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2023-5179 opendesign vulnerability CVSS: 0 07 Nov 2023, 16:15 UTC

An issue was discovered in Open Design Alliance Drawings SDK before 2024.10. A corrupted value for the start of MiniFat sector in a crafted DGN file leads to an out-of-bounds read. This can allow attackers to cause a crash, potentially enabling a denial-of-service attack (Crash, Exit, or Restart) or possible code execution.

CVE-2023-22670 opendesign vulnerability CVSS: 0 15 Apr 2023, 01:15 UTC

A heap-based buffer overflow exists in the DXF file reading procedure in Open Design Alliance Drawings SDK before 2023.6. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of the length of user-supplied XRecord data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2023-22669 opendesign vulnerability CVSS: 0 15 Apr 2023, 01:15 UTC

Parsing of DWG files in Open Design Alliance Drawings SDK before 2023.6 lacks proper validation of the length of user-supplied XRecord data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2023-26495 opendesign vulnerability CVSS: 0 10 Apr 2023, 20:15 UTC

An issue was discovered in Open Design Alliance Drawings SDK before 2024.1. A crafted DWG file can force the SDK to reuse an object that has been freed. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code.

CVE-2022-28809 opendesign vulnerability CVSS: 0 17 Jul 2022, 23:15 UTC

An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. An Out-of-Bounds Read vulnerability exists when reading a DWG file with an invalid vertex number in a recovery mode. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2022-28808 opendesign vulnerability CVSS: 0 17 Jul 2022, 23:15 UTC

An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. An Out-of-Bounds Read vulnerability exists when reading DWG files in a recovery mode. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2022-28807 opendesign vulnerability CVSS: 0 17 Jul 2022, 23:15 UTC

An issue was discovered in Open Design Alliance Drawings SDK before 2023.2. An Out-of-Bounds Read vulnerability exists when rendering a .dwg file after it's opened in the recovery mode. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2022-23095 opendesign vulnerability CVSS: 6.8 15 Jan 2022, 15:17 UTC

Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files. Unchecked input data from a crafted JPG file leads to memory corruption. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2021-44860 opendesign vulnerability CVSS: 6.8 21 Dec 2021, 19:15 UTC

An out-of-bounds read vulnerability exists when reading a TIF file using Open Design Alliance Drawings SDK before 2022.12. The specific issue exists after loading TIF files. An unchecked input data from a crafted TIF file leads to an out-of-bounds read. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2021-44859 opendesign vulnerability CVSS: 6.8 21 Dec 2021, 19:15 UTC

An out-of-bounds read vulnerability exists when reading a TGA file using Open Design Alliance Drawings SDK before 2022.12. The specific issue exists after loading TGA files. An unchecked input data from a crafted TGA file leads to an out-of-bounds read. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2021-44422 opendesign vulnerability CVSS: 6.8 21 Dec 2021, 19:15 UTC

An Improper Input Validation Vulnerability exists when reading a BMP file using Open Design Alliance Drawings SDK before 2022.12. Crafted data in a BMP file can trigger a write operation past the end of an allocated buffer, or lead to a heap-based buffer overflow. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2021-44047 opendesign vulnerability CVSS: 6.8 05 Dec 2021, 21:15 UTC

A use-after-free vulnerability exists when reading a DWF/DWFX file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing DWF/DWFX files. Crafted data in a DWF/DWFX file and lack of proper validation of input data can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2021-44045 opendesign vulnerability CVSS: 6.8 05 Dec 2021, 21:15 UTC

An out-of-bounds write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation for the XFAT sectors count can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2021-44044 opendesign vulnerability CVSS: 6.8 05 Dec 2021, 21:15 UTC

An out-of-bounds write vulnerability exists when reading a JPG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing JPG files. Crafted data in a JPG (4 extraneous bytes before the marker 0xca) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2021-43582 opendesign vulnerability CVSS: 6.8 22 Nov 2021, 09:15 UTC

A Use-After-Free Remote Vulnerability exists when reading a DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2021-43391 opendesign vulnerability CVSS: 6.8 14 Nov 2021, 21:15 UTC

An Out-of-Bounds Read vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data in a DXF file (an invalid dash counter in line types) can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2021-43390 opendesign vulnerability CVSS: 6.8 14 Nov 2021, 21:15 UTC

An Out-of-Bounds Write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation of input data can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2021-43336 opendesign vulnerability CVSS: 6.8 14 Nov 2021, 21:15 UTC

An Out-of-Bounds Write vulnerability exists when reading a DXF or DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF and DWG files. Crafted data in a DXF or DWG file (an invalid number of properties) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2021-43280 opendesign vulnerability CVSS: 6.8 14 Nov 2021, 21:15 UTC

A stack-based buffer overflow vulnerability exists in the DWF file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of proper validation of the length of user-supplied data before copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2021-43275 opendesign vulnerability CVSS: 6.8 14 Nov 2021, 21:15 UTC

A Use After Free vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2021-43274 opendesign vulnerability CVSS: 6.8 14 Nov 2021, 21:15 UTC

A Use After Free Vulnerability exists in the Open Design Alliance Drawings SDK before 2022.11. The specific flaw exists within the parsing of DWF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.

CVE-2021-43273 opendesign vulnerability CVSS: 4.3 14 Nov 2021, 21:15 UTC

An Out-of-bounds Read vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.11. Crafted data in a DGN file and lack of verification of input data can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2021-32952 opendesign vulnerability CVSS: 6.8 17 Jun 2021, 13:15 UTC

An out-of-bounds write issue exists in the DGN file-reading procedure in the Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.

CVE-2021-32950 opendesign vulnerability CVSS: 5.8 17 Jun 2021, 13:15 UTC

An out-of-bounds read issue exists within the parsing of DXF files in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of-service condition or read sensitive information from memory locations.

CVE-2021-32948 opendesign vulnerability CVSS: 6.8 17 Jun 2021, 13:15 UTC

An out-of-bounds write issue exists in the DWG file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.

CVE-2021-32944 opendesign vulnerability CVSS: 6.8 17 Jun 2021, 13:15 UTC

A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a memory corruption or arbitrary code execution, allowing attackers to cause a denial-of-service condition or execute code in the context of the current process.

CVE-2021-32940 opendesign vulnerability CVSS: 5.8 17 Jun 2021, 13:15 UTC

An out-of-bounds read issue exists in the DWG file-recovering procedure in the Drawings SDK (All versions prior to 2022.5) resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or read sensitive information from memory locations.

CVE-2021-32938 opendesign vulnerability CVSS: 5.8 17 Jun 2021, 13:15 UTC

Drawings SDK (All versions prior to 2022.4) are vulnerable to an out-of-bounds read due to parsing of DWG files resulting from the lack of proper validation of user-supplied data. This can result in a read past the end of an allocated buffer and allows attackers to cause a denial-of service condition or read sensitive information from memory.

CVE-2021-32936 opendesign vulnerability CVSS: 6.8 17 Jun 2021, 13:15 UTC

An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a write past the end of an allocated buffer and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.

CVE-2021-32946 opendesign vulnerability CVSS: 6.8 17 Jun 2021, 12:15 UTC

An improper check for unusual or exceptional conditions issue exists within the parsing DGN files from Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of the user-supplied data. This may result in several of out-of-bounds problems and allow attackers to cause a denial-of-service condition or execute code in the context of the current process.

CVE-2021-31784 opendesign vulnerability CVSS: 6.8 26 Apr 2021, 19:15 UTC

An out-of-bounds write vulnerability exists in the file-reading procedure in Open Design Alliance Drawings SDK before 2021.6 on all supported by ODA platforms in static configuration. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart) or possible code execution.

CVE-2021-25174 opendesign vulnerability CVSS: 6.8 18 Jan 2021, 08:15 UTC

An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potentially enabling denial of service (Crash, Exit, or Restart).

CVE-2021-25173 opendesign vulnerability CVSS: 6.8 18 Jan 2021, 08:15 UTC

An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to cause a crash, potentially enabling denial of service (crash, exit, or restart).

CVE-2018-18224 opendesign vulnerability CVSS: 5.8 19 Oct 2018, 22:29 UTC

A vulnerability exists in the file reading procedure in Open Design Alliance Drawings SDK 2019Update1 on non-Windows platforms in which attackers could perform read operations past the end, or before the beginning, of the intended buffer. This can allow attackers to obtain sensitive information from process memory or cause a crash.

CVE-2018-18223 opendesign vulnerability CVSS: 5.8 19 Oct 2018, 22:29 UTC

Open Design Alliance Drawings SDK 2019Update1 has a vulnerability during the reading of malformed files, allowing attackers to obtain sensitive information from process memory or cause a crash.