PT-2022-21890 · Autodesk · Autocad+1
Published: 2022-10-03 · Updated: 2022-10-05 · CVE-2022-33889
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Autodesk Design Review version 2018
AutoCAD versions 2022 through 2023
Description
A maliciously crafted GIF or JPEG file can be used to write beyond the allocated heap buffer when parsed through the affected software, potentially leading to arbitrary code execution.
Recommendations
For Autodesk Design Review version 2018, update to a version that includes a fix for this issue.
For AutoCAD versions 2022 and 2023, update to a version that includes a fix for this issue.
As a temporary workaround, consider restricting the use of GIF and JPEG files in the affected software until a patch is available.
Fix
Memory Corruption
Affected Products
AutoCAD
Autodesk Design Review