PT-2022-17523 · Autodesk · Autodesk TrueView

Published 2022-03-07 · Updated 2022-10-11 · CVE-2022-25795

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Autodesk TrueView versions 2021 through 2022

Description

A memory corruption issue may lead to remote code execution through maliciously crafted DWG files. This can occur when parsing DWG files, allowing an attacker to write beyond the allocated buffer and potentially execute arbitrary code.

Recommendations

For Autodesk TrueView versions 2021 and 2022, update to a version that includes the fix for this issue to prevent remote code execution through malicious DWG files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Handling of Exceptional Conditions

Related Identifiers

CVE-2022-25795
ZDI-22-467
ZDI-22-468
ZDI-22-469
ZDI-22-472
ZDI-22-548
ZDI-22-549
ZDI-22-550
ZDI-22-551
ZDI-22-552
ZDI-22-555
ZDI-22-556

Affected Products

Autodesk TrueView