CVE-2022-25788

Published: Apr 19, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A maliciously crafted JT file in Autodesk AutoCAD 2022 may be used to write beyond the allocated buffer while parsing JT files. This vulnerability can be exploited to execute arbitrary code.

Affected (13)

Products: Autodesk: Advance Steel, Autocad, Autocad Architecture, Autocad Electrical, Autocad Lt, Autocad Map 3d, Autocad Mechanical, Autocad Mep, Autocad Plant 3d, Civil 3d, Inventor

11 products

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Autodesk Advance Steel	From 2022 to 2022.1.2
Autodesk Autocad	From 2022 to 2022.1.2
Autodesk Autocad	From 2022 to 2022.2.2
Autodesk Autocad Architecture	From 2022 to 2022.1.2
Autodesk Autocad Electrical	From 2022 to 2022.1.2
Autodesk Autocad Lt	From 2022 to 2022.1.2
Autodesk Autocad Lt	From 2022 to 2022.2.2
Autodesk Autocad Map 3d	From 2022 to 2022.1.2
Autodesk Autocad Mechanical	From 2022 to 2022.1.2
Autodesk Autocad Mep	From 2022 to 2022.1.2
Autodesk Autocad Plant 3d	From 2022 to 2022.1.2
Autodesk Civil 3d	From 2022 to 2022.1.2
Autodesk Inventor	From 2022 to 2022.2

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002

Source: psirt@autodesk.com

Vendor Advisory

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.