Description
A Use of Uninitialized Variable vulnerability exists in Open Design Alliance Drawings SDK static versions (mt) before 2026.12. Static object `COdaMfcAppApp theApp` may access `OdString::kEmpty` before its initialization. Due to undefined initialization order of static objects across translation units (Static Initialization Order Fiasco), the application accesses uninitialized memory. This results in application crash on startup, causing denial of service. Due to undefined behavior, memory corruption and potential arbitrary code execution cannot be ruled out in specific exploitation scenarios.
Related CPE's
Could not find any relations
CVSS impact metrics
Missing metrics for CVSS V
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
8a9629cb-c5e7-4d2a-a894-111e8039b7ea
Vulnerability status
Received
Published
2025-12-22T16:15:43.437
3 hours agoLast modified
2025-12-22T16:15:43.437
3 hours ago