Regardless of any vulnerabilities, if you are using a version of the ODBC driver less that 17 in an application outside of SQL Server, yes, I would update to ODBC 17. This does require that you are able to control the driver or connection string used by the application. If you can't control that, you will break your application when you uninstall ODBC 11/13 because the application will be looking for a driver with the old name (ODBC Driver 13 for SQL Server, for example).
For drivers older than ODBC 17 (ODBC 13, 11), those are updated/supported within the scope of a SQL Server installation. For example, in the CVEs from February, where the CVE lists SQL Server versions 2017 or older, if the ODBC driver was the source of the issue, you can expect it to be part of a SQL Server update package. While there will likely be no separate driver download for those old driver versions (I don't own the old ones, so I don't know if that will change), you can extract the driver package from the SQL update. Simply extract all files from a SQL update via `SQLServerXXXX-KBXXXXXXX-x64.exe -x`. Search the folder you extracted to for `msodbcsql.msi`.