Open Design Alliance Drawings SDK
cpe:2.3:a:opendesign:drawings_sdk:*:*:*:*:*:*:*
- < 26.12
- < 25.10
- < 25.3
- < 24.12
- < 24.10
- < 24.1
- < 23.6
- < 23.3
- < 23.2
- < 22.12.1
- < 22.12
- < 22.11
- < 22.10
- < 22.8
- < 22.5
- < 22.4
- < 21.12
- < 21.11
- < 21.6
- < 2019Update2
A vulnerability allowing the use of uninitialized variables has been identified in Open Design Alliance Drawings SDK static versions (mt) prior to 2026.12. The issue arises from a static object, 'COdaMfcAppApp theApp', accessing 'OdString::kEmpty' before it has been properly initialized. This vulnerability is a result of the Static Initialization Order Fiasco, which causes the application to read uninitialized memory. The consequence is a crash on startup, creating a denial-of-service condition. Additionally, the undefined behavior could lead to memory corruption and potentially allow arbitrary code execution in certain exploitation scenarios.
Exploitation of this vulnerability causes the application to crash on startup, leading to a denial-of-service condition. However, due to the undefined behavior involved, memory corruption and potential arbitrary code execution cannot be ruled out in specific exploitation scenarios.
Users can upgrade to version 26.12, or to any of the fixed versions listed above, to address this vulnerability.
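The initialization-order problem described above, as an added example that is not code from the Open Design Alliance SDK: a global application object is constructed before the global string it depends on, and a construct-on-first-use accessor avoids the problem. `DemoString`, `DemoApp`, `g_kEmptyReady` and `emptyString()` are hypothetical stand-ins, and the example puts both globals in one file so the bad order is deterministic and checks a flag instead of touching the unconstructed object.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>

// Hypothetical stand-ins for the SDK's string type and the MFC app object.
struct DemoString {
    std::string value;
    // Records in `ready` that this object's constructor has actually run.
    DemoString(const char* s, bool& ready) : value(s) { ready = true; }
};

// Constant-initialized before any constructor runs, so always safe to read.
bool g_kEmptyReady = false;

// Mitigation: construct on first use. The function-local static is built the
// first time the function is called, so callers can never see it too early.
const std::string& emptyString() {
    static const std::string empty;
    return empty;
}

struct DemoApp {
    bool globalWasReady;     // was the global string constructed when we started?
    std::size_t safeLength;  // length obtained through the safe accessor
    DemoApp()
        : globalWasReady(g_kEmptyReady),  // only the flag is read, not the object
          safeLength(emptyString().size()) {}
};

// Within one file, dynamic initialization follows definition order: theApp's
// constructor runs before kEmpty's. Across files the order is unspecified.
DemoApp theApp;
DemoString kEmpty("", g_kEmptyReady);

int main() {
    std::printf("global string constructed during theApp ctor: %s\n",
                theApp.globalWasReady ? "yes" : "no");
    std::printf("global string constructed by main():          %s\n",
                g_kEmptyReady ? "yes" : "no");
    std::printf("length via construct-on-first-use accessor:   %zu\n",
                theApp.safeLength);
    return 0;
}
```

When the two globals live in different translation units, AddressSanitizer's `check_initialization_order=1` runtime option can report this class of bug during testing.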