CVE-2024-8894: Out-of-bounds Write vulnerability in ODA SDK versions < 2025.10

8.1 CVSS

Description

An out-of-bounds write vulnerability was discovered in Open Design Alliance Drawings SDK before 2025.10. Reading a crafted DWF file, combined with missing proper checks on received SectionIterator data, can trigger an unhandled exception. This can allow attackers to cause a crash, potentially enabling a denial-of-service attack (Crash, Exit, or Restart) or possible code execution.

Classification

CVE ID: CVE-2024-8894

CVSS Base Severity: HIGH

CVSS Base Score: 8.1

Affected Products

Vendor: Open Design Alliance

Product: ODA Drawings SDK - All Versions < 2025.10

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.44% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-03 (date this score was calculated)

References

https://www.opendesign.com/security-advisories

Timeline