Parsing a maliciously crafted X_B file can force Autodesk AutoCAD 2023 and 2022 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
References
Link | Resource |
---|---|
https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
07 Oct 2022, 17:06
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020 - Vendor Advisory | |
CPE | cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:* |
|
CWE | CWE-125 | |
First Time |
Autodesk
Autodesk autocad Architecture Autodesk autocad Civil 3d Autodesk autocad Map 3d Autodesk autocad Advance Steel Autodesk autocad Lt Autodesk autocad Electrical Autodesk autocad Autodesk autocad Mechanical Autodesk autocad Mep Autodesk autocad Plant 3d |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
03 Oct 2022, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-10-03 15:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-33884
Mitre link : CVE-2022-33884
CVE.ORG link : CVE-2022-33884
JSON object : View
Products Affected
autodesk
- autocad_advance_steel
- autocad_architecture
- autocad_mep
- autocad_electrical
- autocad_lt
- autocad
- autocad_mechanical
- autocad_map_3d
- autocad_civil_3d
- autocad_plant_3d
CWE
CWE-125
Out-of-bounds Read