CVE-2022-41305

Published: Oct 14, 2022Modified: May 14, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Affected (4)

Products: Autodesk: Subassembly Composer

Autodesk

1 product

Subassembly Composer

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Autodesk Subassembly Composer	Version 2020
Autodesk Subassembly Composer	Version 2021
Autodesk Subassembly Composer	Version 2022
Autodesk Subassembly Composer	Version 2023

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0019

Source: psirt@autodesk.com

Not Applicable

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0019

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

Timeline

No history available yet.