CVE-2022-33881

Published: Jul 29, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Parsing a maliciously crafted PRT file can force Autodesk AutoCAD 2023 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Affected (10)

Products: Autodesk: Autocad, Autocad Advance Steel, Autocad Architecture, Autocad Civil 3d, Autocad Electrical, Autocad Lt, Autocad Map 3d, Autocad Mechanical, Autocad Mep, Autocad Plant 3d

Autodesk

10 products

Autocad

Autocad Advance Steel

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Autodesk Autocad	Version 2023
Autodesk Autocad Advance Steel	Version 2023
Autodesk Autocad Architecture	Version 2023
Autodesk Autocad Civil 3d	Version 2023
Autodesk Autocad Electrical	Version 2023
Autodesk Autocad Lt	Version 2023
Autodesk Autocad Map 3d	Version 2023
Autodesk Autocad Mechanical	Version 2023
Autodesk Autocad Mep	Version 2023
Autodesk Autocad Plant 3d	Version 2023

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (2)

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0014

Source: psirt@autodesk.com

Vendor Advisory

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0014

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.