A Memory Corruption vulnerability for DWF and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 may lead to code execution through maliciously crafted DLL files.
References
| Link | Resource |
|---|---|
| https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
19 Apr 2022, 15:56
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : 4.4
v3 : 7.8 |
| CWE | CWE-787 | |
| CPE | cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:*:*:*:*:*:macos:*:* cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:* |
|
| References | (MISC) https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005 - Vendor Advisory | |
| First Time |
Autodesk autocad Map 3d
Autodesk autocad Autodesk autocad Electrical Autodesk civil 3d Autodesk autocad Mep Autodesk navisworks Autodesk autocad Plant 3d Autodesk autocad Lt Autodesk advance Steel Autodesk autocad Architecture Autodesk autocad Mechanical Autodesk |
11 Apr 2022, 20:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-04-11 20:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-25791
Mitre link : CVE-2022-25791
CVE.ORG link : CVE-2022-25791
JSON object : View
Products Affected
autodesk
- navisworks
- autocad_architecture
- advance_steel
- autocad_electrical
- autocad_lt
- autocad
- autocad_mechanical
- autocad_map_3d
- autocad_mep
- civil_3d
- autocad_plant_3d
CWE
CWE-787
Out-of-bounds Write