PT-2022-6161 · Autodesk · Autodesk Trueview

Published: 2022-04-13 · Updated: 2022-04-21 · CVE-2022-27523

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Autodesk TrueView version 2022

Description: A buffer over-read issue can be exploited through the use of a maliciously crafted DWG file, potentially leading to the exposure of sensitive information or a crash. This issue, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. The vulnerability is caused by a buffer over-read operation in memory, which can be exploited by a remote attacker to cause the application to crash or execute arbitrary code.

Recommendations: For Autodesk TrueView version 2022, consider avoiding the use of maliciously crafted DWG files until a patch is available. As a temporary workaround, restrict the opening of untrusted DWG files to minimize the risk of exploitation.

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

BDU:2023-00258
CVE-2022-27523

Affected Products

Autodesk Trueview