CVE-2022-25796

Published: Apr 11, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A Double Free vulnerability allows remote malicious actors to execute arbitrary code on DWF file in Autodesk Navisworks 2022 within affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Affected (1)

Products: Autodesk: Navisworks

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Autodesk Navisworks	From 2022 to 2022.2

Related CWEs

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (2)

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005

Source: psirt@autodesk.com

Vendor Advisory

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.