A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 may be used to write beyond the allocated buffer while parsing PICT, BMP, PSD or TIF file. This vulnerability may be exploited to execute arbitrary code.
References
Link | Resource |
---|---|
https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
25 Apr 2022, 16:26
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004 - Vendor Advisory | |
CWE | CWE-787 | |
CPE | cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:* cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:*:*:*:*:*:-:*:* cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:*:*:*:*:*:macos:*:* cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:-:*:* |
|
CVSS |
v2 : v3 : |
v2 : 6.8
v3 : 7.8 |
18 Apr 2022, 17:45
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-04-18 17:15
Updated : 2024-02-04 22:29
NVD link : CVE-2022-27529
Mitre link : CVE-2022-27529
CVE.ORG link : CVE-2022-27529
JSON object : View
Products Affected
autodesk
- autocad_map_3d
- autocad_lt
- civil_3d
- autocad_electrical
- autocad
- autocad_mechanical
- advance_steel
- autocad_mep
- autocad_plant_3d
- autocad_architecture
CWE
CWE-787
Out-of-bounds Write