CVE-2022-27523

Published: Apr 13, 2022Modified: Nov 21, 2024

7.1

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Exploitability: 1.8 / Impact: 5.2

Source: NVD

Description

A buffer over-read can be exploited in Autodesk TrueView 2022 may lead to an exposure of sensitive information or a crash through using a maliciously crafted DWG file as an Input. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Affected (4)

Products: Autodesk: Dwg Trueview

Autodesk

1 product

Dwg Trueview

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Autodesk Dwg Trueview	From 2019 to 2019.1.4
Autodesk Dwg Trueview	From 2020 to 2020.1.5
Autodesk Dwg Trueview	From 2021 to 2021.1.2
Autodesk Dwg Trueview	From 2022 to 2022.1.2

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (2)

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007

Source: psirt@autodesk.com

Vendor Advisory

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.