PT-2021-7086 · Autodesk · Autodesk AutoCAD +1

Published: 2021-11-06 · Updated: 2022-10-07 · CVE-2022-25797

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Autodesk TrueView versions 2021, 2022
Autodesk AutoCAD versions 2019, 2020, 2021, 2022

Description

The issue is a memory buffer overflow that occurs when parsing DWG or PDF files. A remote attacker can exploit it with a specially crafted file to execute arbitrary code in the context of the current user. The application fails to handle such crafted files properly, which leads to an unhandled exception.

Recommendations

For Autodesk TrueView versions 2021, 2022, update to a version that includes the fix for this issue. For Autodesk AutoCAD versions 2019, 2020, 2021, 2022, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the use of the DWG and PDF parsing functions until a patch is available. Avoid using the vulnerable software to open or parse untrusted DWG or PDF files until the issue is resolved.

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2022-03255
BDU:2022-03256
CVE-2022-25797

Affected Products

Autodesk AutoCAD
Autodesk TrueView