← Back

CVE-2022-33886

nvd nist
Published: Oct 3, 2022Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

A maliciously crafted MODEL and SLDPRT file can be used to write beyond the allocated buffer while parsing through Autodesk AutoCAD 2023, 2022, 2021, 2020, and Maya 2023 and 2022. The vulnerability exists because the application fails to handle crafted MODEL and SLDPRT files, which causes an unhandled exception. A malicious actor could leverage this vulnerability to execute arbitrary code.

Affected (20)

Autodesk
10 products
Autocad
Autocad Advance Steel
Autocad Architecture
Autocad Civil 3d
Autocad Electrical
Autocad Lt
Autocad Map 3d
Autocad Mechanical
Autocad Mep
Autocad Plant 3d
Configuration A
20 vulnerable
Vulnerable SoftwareAffected Versions
Autodesk
Autocad
From 2022 to 2022.1.3
Autocad
From 2023 to 2023.1.1
Autodesk
Autocad Advance Steel
From 2022 to 2022.1.3
Autocad Advance Steel
From 2023 to 2023.1.1
Autodesk
Autocad Architecture
From 2022 to 2022.1.3
Autocad Architecture
From 2023 to 2023.1.1
Autodesk
Autocad Civil 3d
From 2022 to 2022.1.3
Autocad Civil 3d
From 2023 to 2023.1.1
Autodesk
Autocad Electrical
From 2022 to 2022.1.3
Autocad Electrical
From 2023 to 2023.1.1
Autodesk
Autocad Lt
From 2022 to 2022.1.3
Autocad Lt
From 2023 to 2023.1.1
Autodesk
Autocad Map 3d
From 2022 to 2022.1.3
Autocad Map 3d
From 2023 to 2023.1.1
Autodesk
Autocad Mechanical
From 2022 to 2022.1.3
Autocad Mechanical
From 2023 to 2023.1.1
Autodesk
Autocad Mep
From 2022 to 2022.1.3
Autocad Mep
From 2023 to 2023.1.1
Autodesk
Autocad Plant 3d
From 2022 to 2022.1.3
Autocad Plant 3d
From 2023 to 2023.1.1

Related CWEs

CWE-755
Improper Handling of Exceptional Conditions
The product does not handle or incorrectly handles an exceptional condition.

References (2)

Source: psirt@autodesk.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.