CVE-2018-18224

high

Description

A vulnerability exists in the file reading procedure in Open Design Alliance Drawings SDK 2019Update1 on non-Windows platforms in which attackers could perform read operations past the end, or before the beginning, of the intended buffer. This can allow attackers to obtain sensitive information from process memory or cause a crash.

References

https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

https://www.opendesign.com/security-advisories

http://www.securityfocus.com/bid/105603

Details

Source: Mitre, NVD

Published: 2018-10-19

Updated: 2020-08-24

Risk Information

CVSS v2

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Severity: High