CVE-2022-33889

Published: Oct 3, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A maliciously crafted GIF or JPEG files when parsed through Autodesk Design Review 2018, and AutoCAD 2023 and 2022 could be used to write beyond the allocated heap buffer. This vulnerability could lead to arbitrary code execution.

Affected (28)

Products: Autodesk: Autocad, Autocad Advance Steel, Autocad Architecture, Autocad Civil 3d, Autocad Electrical, Autocad Lt, Autocad Map 3d, Autocad Mechanical, Autocad Mep, Autocad Plant 3d, Design Review

Autodesk

11 products

Autocad

Autocad Advance Steel

Configuration A

28 vulnerable

Vulnerable Software	Affected Versions
Autodesk Autocad	Before 2022.1.3
Autodesk Autocad	From 2023.0.0 to 2023.1.1
Autodesk Autocad Advance Steel	Before 2022.1.3
Autodesk Autocad Advance Steel	From 2023.0.0 to 2023.1.1
Autodesk Autocad Architecture	Before 2022.1.3
Autodesk Autocad Architecture	From 2023.0.0 to 2023.1.1
Autodesk Autocad Civil 3d	Before 2022.1.3
Autodesk Autocad Civil 3d	From 2023.0.0 to 2023.1.1
Autodesk Autocad Electrical	Before 2022.1.3
Autodesk Autocad Electrical	From 2023.0.0 to 2023.1.1
Autodesk Autocad Lt	Before 2022.1.3
Autodesk Autocad Lt	From 2023.0.0 to 2023.1.1
Autodesk Autocad Map 3d	Before 2022.1.3
Autodesk Autocad Map 3d	From 2023.0.0 to 2023.1.1
Autodesk Autocad Mechanical	Before 2022.1.3
Autodesk Autocad Mechanical	From 2023.0.0 to 2023.1.1
Autodesk Autocad Mep	Before 2022.1.3
Autodesk Autocad Mep	From 2023.0.0 to 2023.1.1
Autodesk Autocad Plant 3d	Before 2022.1.3
Autodesk Autocad Plant 3d	From 2023.0.0 to 2023.1.1
Autodesk Design Review	Before 2018
Autodesk Design Review	Version 2018
Autodesk Design Review	Version 2018 hotfix2
Autodesk Design Review	Version 2018 hotfix3
Autodesk Design Review	Version 2018 hotfix4
Autodesk Design Review	Version 2018 hotfix5
Autodesk Design Review	Version 2018 hotfix6
Autodesk Design Review	Version 2018 hotfix

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0021

Source: psirt@autodesk.com

Vendor Advisory

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0021

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.