CVE-2022-25790

Published: Apr 11, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated boundaries when parsing the DWF files. Exploitation of this vulnerability may lead to code execution.

Affected (42)

Products: Autodesk: Advance Steel, Autocad, Autocad Architecture, Autocad Electrical, Autocad Lt, Autocad Map 3d, Autocad Mechanical, Autocad Mep, Autocad Plant 3d, Civil 3d, Navisworks

11 products

Configuration A

42 vulnerable

Vulnerable Software	Affected Versions
Autodesk Advance Steel	From 2019 to 2019.1.4
Autodesk Advance Steel	From 2020 to 2020.1.5
Autodesk Advance Steel	From 2021 to 2021.1.2
Autodesk Advance Steel	From 2022 to 2022.1.2
Autodesk Autocad	From 2019 to 2019.1.4
Autodesk Autocad	From 2020 to 2020.1.5
Autodesk Autocad	From 2021 to 2021.1.2
Autodesk Autocad	From 2022 to 2022.1.2
Autodesk Autocad	From 2022 to 2022.2.2
Autodesk Autocad Architecture	From 2019 to 2019.1.4
Autodesk Autocad Architecture	From 2020 to 2020.1.5
Autodesk Autocad Architecture	From 2021 to 2021.1.2
Autodesk Autocad Architecture	From 2022 to 2022.1.2
Autodesk Autocad Electrical	From 2019 to 2019.1.4
Autodesk Autocad Electrical	From 2020 to 2020.1.5
Autodesk Autocad Electrical	From 2021 to 2021.1.2
Autodesk Autocad Electrical	From 2022 to 2022.1.2
Autodesk Autocad Lt	From 2019 to 2019.1.4
Autodesk Autocad Lt	From 2020 to 2020.1.5
Autodesk Autocad Lt	From 2021 to 2021.1.2
Autodesk Autocad Lt	From 2022 to 2022.1.2
Autodesk Autocad Map 3d	From 2019 to 2019.1.4
Autodesk Autocad Map 3d	From 2020 to 2020.1.5
Autodesk Autocad Map 3d	From 2021 to 2021.1.2
Autodesk Autocad Map 3d	From 2022 to 2022.1.2
Autodesk Autocad Mechanical	From 2019 to 2019.1.4
Autodesk Autocad Mechanical	From 2020 to 2020.1.5
Autodesk Autocad Mechanical	From 2021 to 2021.1.2
Autodesk Autocad Mechanical	From 2022 to 2022.1.2
Autodesk Autocad Mep	From 2019 to 2019.1.4
Autodesk Autocad Mep	From 2020 to 2020.1.5
Autodesk Autocad Mep	From 2021 to 2021.1.2
Autodesk Autocad Mep	From 2022 to 2022.1.2
Autodesk Autocad Plant 3d	From 2019 to 2019.1.4
Autodesk Autocad Plant 3d	From 2020 to 2020.1.5
Autodesk Autocad Plant 3d	From 2021 to 2021.1.2
Autodesk Autocad Plant 3d	From 2022 to 2022.1.2
Autodesk Civil 3d	From 2019 to 2019.1.4
Autodesk Civil 3d	From 2020 to 2020.1.5
Autodesk Civil 3d	From 2021 to 2021.1.2
Autodesk Civil 3d	From 2022 to 2022.1.2
Autodesk Navisworks	From 2022 to 2022.2

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005

Source: psirt@autodesk.com

Vendor Advisory

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.