CVE-2022-41307

Published: Oct 14, 2022Modified: May 14, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Affected (4)

Products: Autodesk: Subassembly Composer

Autodesk

1 product

Subassembly Composer

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Autodesk Subassembly Composer	Version 2020
Autodesk Subassembly Composer	Version 2021
Autodesk Subassembly Composer	Version 2022
Autodesk Subassembly Composer	Version 2023

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020

Source: psirt@autodesk.com

PatchVendor Advisory

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.