CVE-2024-8894

Out-of-bounds Write vulnerability in ODA SDK versions < 2025.10

CVSS 8.1 HIGHEPSS 0.2%CWE-787

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.1EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

04 Dec 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Out-of-bounds Write vulnerability was discovered in Open Design Alliance Drawings SDK before 2025.10. Reading crafted DWF file and missing proper checks on received SectionIterator data can trigger an unhandled exception. This can allow attackers to cause a crash, potentially enabling a denial-of-service attack (Crash, Exit, or Restart) or possible code execution.

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:H

Affected products

Open Design Alliance · ODA Drawings SDK - All Versions < 2025.10

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.opendesign.com/security-advisories