CVE-2022-33881

Parsing a maliciously crafted PRT file can force Autodesk AutoCAD 2023 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS v3.0 7.8 HIGH

7.8^/10

CVSS v3.0 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0014	Vendor Advisory

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:autodesk:autocad_civil_3d:2023:::::::*
	cpe:2.3:a:autodesk:autocad_lt:2023:::::::*
	cpe:2.3:a:autodesk:autocad_plant_3d:2023:::::::*
	cpe:2.3:a:autodesk:autocad_mep:2023:::::::*
	cpe:2.3:a:autodesk:autocad_mechanical:2023:::::::*
	cpe:2.3:a:autodesk:autocad_map_3d:2023:::::::*
	cpe:2.3:a:autodesk:autocad_electrical:2023:::::::*
	cpe:2.3:a:autodesk:autocad_architecture:2023:::::::*
	cpe:2.3:a:autodesk:autocad:2023:::::::*
	cpe:2.3:a:autodesk:autocad_advance_steel:2023:::::::*

Information

Published : 2022-07-29 09:15

Updated : 2022-08-05 08:23

NVD link : CVE-2022-33881

Mitre link : CVE-2022-33881

JSON object : View

CWE

CWE-125

Out-of-bounds Read

Advertisement

Products Affected

autodesk

autocad
autocad_mep
autocad_advance_steel
autocad_electrical
autocad_lt
autocad_civil_3d
autocad_map_3d
autocad_mechanical
autocad_architecture
autocad_plant_3d

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0014", "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0014", "tags": ["Vendor Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Parsing a maliciously crafted PRT file can force Autodesk AutoCAD 2023 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-125"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-33881", "ASSIGNER": "psirt@autodesk.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}}, "publishedDate": "2022-07-29T16:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:autodesk:autocad_civil_3d:2023:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:autodesk:autocad_lt:2023:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:autodesk:autocad_advance_steel:2023:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-08-05T15:23Z"}