CVE-2022-28807

7.8 HIGH

📋 TL;DR

An out-of-bounds read vulnerability in Open Design Alliance Drawings SDK allows attackers to execute arbitrary code when processing malicious DWG files in recovery mode. This affects applications using the vulnerable SDK to handle CAD drawings. Attackers can exploit this by tricking users into opening specially crafted DWG files.

💻 Affected Systems

Products:
  • Open Design Alliance Drawings SDK
  • Applications using ODA Drawings SDK
Versions: All versions before 2023.2
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only exploitable when processing DWG files in recovery mode. Applications must use the vulnerable SDK functions.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with the privileges of the application using the SDK, potentially leading to full system compromise.

🟠 Likely Case: Application crash or limited information disclosure from memory reads, with potential for RCE if combined with other vulnerabilities.

🟢 If Mitigated: No impact if patched or if recovery mode is disabled.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious files, but common in web applications processing CAD uploads.
🏢 Internal Only: MEDIUM - Internal users could be targeted via email attachments or network shares containing malicious DWG files.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user interaction to open malicious DWG file. Exploitation depends on memory layout and application specifics.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2023.2 and later

Vendor Advisory: https://www.opendesign.com/security-advisories

Restart Required: Yes

Instructions:

1. Identify applications using ODA Drawings SDK.
2. Update SDK to version 2023.2 or later.
3. Recompile applications with updated SDK.
4. Restart affected applications/services.

🔧 Temporary Workarounds

Disable recovery mode (applies to: all)
  Configure applications to not use recovery mode when opening DWG files

File type restrictions (applies to: all)
  Block or sandbox DWG file processing in vulnerable applications

🧯 If You Can't Patch

  • Implement application sandboxing to limit impact of potential code execution
  • Use file integrity monitoring to detect unexpected application crashes or modifications

🔍 How to Verify

Check if Vulnerable:

Check application documentation or contact the vendor to confirm the ODA SDK version. Versions below 2023.2 are vulnerable.

Check Version:

Application-specific - check vendor documentation for version query methods

Verify Fix Applied:

Confirm ODA SDK version is 2023.2 or later. Test with known safe DWG files in recovery mode.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing DWG files
  • Unexpected memory access errors in application logs

Network Indicators:

  • Unusual outbound connections from CAD applications after file processing

SIEM Query:

source="application_logs" AND ("crash" OR "access violation") AND "dwg"
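The following is an added example, not part of the original advisory, showing the SIEM query's logic applied to application log lines, extended to tie each fault to the most recently opened file and to whether recovery mode (the precondition for this CVE) was requested. The log format and the sample lines are constructed for the example; real applications log differently.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample application log (not real vendor output; the line format is assumed).
SAMPLE_LOGS = """\
2024-03-01T10:02:11Z cadviewer INFO opened file plan.dwg (recovery mode)
2024-03-01T10:02:12Z cadviewer ERROR access violation reading 0x7ff8 while parsing plan.dwg
2024-03-01T10:05:40Z cadviewer INFO opened file site.dxf
2024-03-01T10:05:41Z cadviewer ERROR crash: unhandled exception in parser (site.dxf)
2024-03-01T10:09:03Z cadviewer INFO opened file tower.dwg
2024-03-01T10:09:04Z cadviewer ERROR crash: unhandled exception in parser (tower.dwg)
2024-03-01T10:12:00Z cadviewer INFO export complete PLAN.DWG
"""

# "opened file" lines are the assumed way the application records which file is
# being parsed and whether recovery mode was requested.
OPEN_RE = re.compile(r"opened file (?P<name>\S+)(?P<rec> \(recovery mode\))?", re.I)
# Same terms as the SIEM query: "crash" OR "access violation".
FAULT_RE = re.compile(r"crash|access violation", re.I)

@dataclass
class Alert:
    line_no: int
    file: Optional[str]
    recovery_mode: bool
    text: str

def scan(log_text: str) -> List[Alert]:
    """Return one Alert per crash/access-violation line tied to a DWG file.

    A fault line qualifies if it mentions "dwg" itself or if the most recently
    opened file was a .dwg; recovery_mode records whether that open used
    recovery mode, which is the precondition for this CVE.
    """
    alerts: List[Alert] = []
    last_open: Optional[tuple] = None  # (file name, recovery mode requested)
    for n, line in enumerate(log_text.splitlines(), 1):
        m = OPEN_RE.search(line)
        if m:
            last_open = (m.group("name"), m.group("rec") is not None)
            continue
        if not FAULT_RE.search(line):
            continue
        name, rec = last_open if last_open else (None, False)
        if "dwg" in line.lower() or (name and name.lower().endswith(".dwg")):
            alerts.append(Alert(n, name, rec, line))
    return alerts

if __name__ == "__main__":
    for a in scan(SAMPLE_LOGS):
        print(f"line {a.line_no}: {a.file} recovery_mode={a.recovery_mode}")
```

The crash on the DXF file is not reported, and the two DWG faults are distinguished by whether recovery mode was in use, which is the case worth escalating.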
