CVE-2022-27529

A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 may be used to write beyond the allocated buffer while parsing PICT, BMP, PSD or TIF file. This vulnerability may be exploited to execute arbitrary code.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:-:*:*
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:-:*:*
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:-:*:*
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:-:*:*
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:macos:*:*
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:-:*:*
cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:-:*:*
cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:-:*:*
cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:-:*:*
cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:*
cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*

History

25 Apr 2022, 16:26

Type Values Removed Values Added
First Time Autodesk autocad Map 3d
Autodesk autocad
Autodesk autocad Electrical
Autodesk civil 3d
Autodesk autocad Mep
Autodesk autocad Plant 3d
Autodesk autocad Lt
Autodesk advance Steel
Autodesk autocad Architecture
Autodesk autocad Mechanical
Autodesk
CVSS v2 : unknown
v3 : unknown
v2 : 6.8
v3 : 7.8
CWE CWE-787
References (MISC) https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004 - (MISC) https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004 - Vendor Advisory
CPE cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:*
cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:-:*:*
cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:-:*:*
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:macos:*:*
cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*

18 Apr 2022, 17:45

Type Values Removed Values Added
New CVE

Information

Published : 2022-04-18 17:15

Updated : 2023-12-10 14:22


NVD link : CVE-2022-27529

Mitre link : CVE-2022-27529

CVE.ORG link : CVE-2022-27529


JSON object : View

Products Affected

autodesk

  • autocad_electrical
  • autocad_architecture
  • civil_3d
  • autocad_map_3d
  • autocad_plant_3d
  • autocad_mechanical
  • advance_steel
  • autocad
  • autocad_lt
  • autocad_mep
CWE
CWE-787

Out-of-bounds Write