CVE-2022-33884

Published: Oct 3, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Parsing a maliciously crafted X_B file can force Autodesk AutoCAD 2023 and 2022 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Affected (40)

Products: Autodesk: Autocad, Autocad Advance Steel, Autocad Architecture, Autocad Civil 3d, Autocad Electrical, Autocad Lt, Autocad Map 3d, Autocad Mechanical, Autocad Mep, Autocad Plant 3d

Autodesk

10 products

Autocad

Autocad Advance Steel

Configuration A

40 vulnerable

Vulnerable Software	Affected Versions
Autodesk Autocad	From 2020 to 2020.1.6
Autodesk Autocad	From 2021 to 2021.1.3
Autodesk Autocad	From 2022 to 2022.1.3
Autodesk Autocad	From 2023 to 2023.1.1
Autodesk Autocad Advance Steel	From 2020 to 2020.1.6
Autodesk Autocad Advance Steel	From 2021 to 2021.1.3
Autodesk Autocad Advance Steel	From 2022 to 2022.1.3
Autodesk Autocad Advance Steel	From 2023 to 2023.1.1
Autodesk Autocad Architecture	From 2020 to 2020.1.6
Autodesk Autocad Architecture	From 2021 to 2021.1.3
Autodesk Autocad Architecture	From 2022 to 2022.1.3
Autodesk Autocad Architecture	From 2023 to 2023.1.1
Autodesk Autocad Civil 3d	From 2020 to 2020.1.6
Autodesk Autocad Civil 3d	From 2021 to 2021.1.3
Autodesk Autocad Civil 3d	From 2022 to 2022.1.3
Autodesk Autocad Civil 3d	From 2023 to 2023.1.1
Autodesk Autocad Electrical	From 2020 to 2020.1.6
Autodesk Autocad Electrical	From 2021 to 2021.1.3
Autodesk Autocad Electrical	From 2022 to 2022.1.3
Autodesk Autocad Electrical	From 2023 to 2023.1.1
Autodesk Autocad Lt	From 2020 to 2020.1.6
Autodesk Autocad Lt	From 2021 to 2021.1.3
Autodesk Autocad Lt	From 2022 to 2022.1.3
Autodesk Autocad Lt	From 2023 to 2023.1.1
Autodesk Autocad Map 3d	From 2020 to 2020.1.6
Autodesk Autocad Map 3d	From 2021 to 2021.1.3
Autodesk Autocad Map 3d	From 2022 to 2022.1.3
Autodesk Autocad Map 3d	From 2023 to 2023.1.1
Autodesk Autocad Mechanical	From 2020 to 2020.1.6
Autodesk Autocad Mechanical	From 2021 to 2021.1.3
Autodesk Autocad Mechanical	From 2022 to 2022.1.3
Autodesk Autocad Mechanical	From 2023 to 2023.1.1
Autodesk Autocad Mep	From 2020 to 2020.1.6
Autodesk Autocad Mep	From 2021 to 2021.1.3
Autodesk Autocad Mep	From 2022 to 2022.1.3
Autodesk Autocad Mep	From 2023 to 2023.1.1
Autodesk Autocad Plant 3d	From 2020 to 2020.1.6
Autodesk Autocad Plant 3d	From 2021 to 2021.1.3
Autodesk Autocad Plant 3d	From 2022 to 2022.1.3
Autodesk Autocad Plant 3d	From 2023 to 2023.1.1

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (2)

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020

Source: psirt@autodesk.com

Vendor Advisory

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.