PT-2022-17519 · Autodesk · Autodesk Autocad+1

Published

2022-03-07

Updated

2022-04-19

CVE-2022-25791

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Autodesk AutoCAD versions 2019 through 2022 Autodesk Navisworks versions 2022

Description A Memory Corruption issue exists in the parsing of DWF and DWFX files, potentially leading to code execution through maliciously crafted DLL files. This issue may be exploited remotely.

Recommendations For Autodesk AutoCAD versions 2019 through 2022, update to a version that includes the fix for this issue. For Autodesk Navisworks version 2022, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the use of DWF and DWFX file parsing functionality in affected Autodesk products until a patch is available.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2022-25791

ZDI-22-464

ZDI-22-558

ZDI-22-561

ZDI-22-564

ZDI-22-572

ZDI-22-573

Affected Products

Autodesk Autocad

Autodesk Navisworks

PT-2022-17519 · Autodesk · Autodesk Autocad+1

CVE-2022-25791

Weakness Enumeration

Related Identifiers

Affected Products

References · 9