A maliciously crafted DXF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. This vulnerability can be exploited to execute arbitrary code.
References
Link | Resource |
---|---|
https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
19 Apr 2022, 02:08
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-787 | |
References | (MISC) https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005 - Vendor Advisory | |
CPE | cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:*:*:*:*:*:macos:*:* cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:* |
|
First Time |
Autodesk autocad Map 3d
Autodesk autocad Autodesk autocad Electrical Autodesk civil 3d Autodesk autocad Mep Autodesk navisworks Autodesk autocad Plant 3d Autodesk autocad Lt Autodesk advance Steel Autodesk autocad Architecture Autodesk autocad Mechanical Autodesk |
|
CVSS |
v2 : v3 : |
v2 : 6.8
v3 : 7.8 |
11 Apr 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-04-11 20:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-25792
Mitre link : CVE-2022-25792
CVE.ORG link : CVE-2022-25792
JSON object : View
Products Affected
autodesk
- navisworks
- autocad_architecture
- advance_steel
- autocad_electrical
- autocad_lt
- autocad
- autocad_mechanical
- autocad_map_3d
- autocad_mep
- civil_3d
- autocad_plant_3d
CWE
CWE-787
Out-of-bounds Write