CVE-2025-10021 - Open Design Alliance Drawings SDK Uninitialized Variable Use leading to Denial of Service and Potential Arbitrary Code Execution

Maloy Roy Orko 0
CVE ID : CVE-2025-10021
Published : Dec. 22, 2025, 4:15 p.m. | 1 hour, 40 minutes ago
Description : A Use of Uninitialized Variable vulnerability exists in Open Design Alliance Drawings SDK static versions (mt) before 2026.12. Static object `COdaMfcAppApp theApp` may access `OdString::kEmpty` before its initialization. Due to undefined initialization order of static objects across translation units (Static Initialization Order Fiasco), the application accesses uninitialized memory. This results in application crash on startup, causing denial of service. Due to undefined behavior,  memory corruption and potential arbitrary code execution cannot be ruled out in specific exploitation scenarios.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...

from Latest Vulnerabilities https://ift.tt/2sxVazK
Tags

Maloy Roy Orko

I am Maloy Roy Orko. An aspiring security researcher. Learning New Fields and Strategies Since 2019. 💻

Post a Comment

Post a Comment

Previous Post Next Post