CVE-2022-41301

Published: Oct 3, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Affected (4)

Products: Autodesk: Subassembly Composer

Autodesk

1 product

Subassembly Composer

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Autodesk Subassembly Composer	From 2020 to 2020.6.3
Autodesk Subassembly Composer	From 2021 to 2021.3.2
Autodesk Subassembly Composer	From 2022 to 2022.2.1
Autodesk Subassembly Composer	From 2023 to 2023.1

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0018

Source: psirt@autodesk.com

Vendor Advisory

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0018

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.