PT-2022-6683 · Autodesk · Autodesk Autocad+1

Published 2022-09-22 · Updated 2023-04-17 · CVE-2022-33886

CVSS v3.1

7.8 High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Autodesk AutoCAD versions 2020 through 2023
Autodesk Maya versions 2022 through 2023

Description

The issue is related to the incorrect handling of exceptional states in the software, which can be exploited by using specially crafted MODEL and SLDPRT files. This can lead to writing beyond the allocated buffer while parsing through the files, causing an unhandled exception. A malicious actor could leverage this to execute arbitrary code.

Recommendations

For Autodesk AutoCAD versions 2020 through 2023, consider disabling the parsing of MODEL and SLDPRT files until a patch is available. For Autodesk Maya versions 2022 through 2023, restrict access to the file parsing functionality to minimize the risk of exploitation. As a temporary workaround, avoid using the vulnerable file parsing functionality in both Autodesk AutoCAD and Maya until the issue is resolved.

Fix

Weakness Enumeration

Improper Handling of Exceptional Conditions

Related Identifiers

BDU:2023-03392
CVE-2022-33886
ZDI-22-1317
ZDI-22-1318
ZDI-23-100

Affected Products

Autodesk Autocad
Autodesk Maya