PT-2022-17518 · Autodesk · Autodesk Autocad+1

Published

2022-03-07

Updated

2022-04-19

CVE-2022-25790

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Autodesk AutoCAD versions 2019 through 2022 Autodesk Navisworks versions 2022

Description The issue arises from a maliciously crafted DWF file that can be used to write beyond the allocated boundaries when parsing the DWF files, potentially leading to code execution.

Recommendations For Autodesk AutoCAD versions 2019 through 2022, update to a version that includes the fix for this issue. For Autodesk Navisworks version 2022, update to a version that includes the fix for this issue.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2022-25790

ZDI-22-463

ZDI-22-475

ZDI-22-553

ZDI-22-559

ZDI-22-560

ZDI-22-562

ZDI-22-563

ZDI-22-569

ZDI-22-570

Affected Products

Autodesk Autocad

Autodesk Navisworks

PT-2022-17518 · Autodesk · Autodesk Autocad+1

CVE-2022-25790

Weakness Enumeration

Related Identifiers

Affected Products

References · 12