7.8
CVE-2022-27527
- EPSS 0.48%
- Veröffentlicht 19.04.2022 21:15:18
- Zuletzt bearbeitet 21.11.2024 06:55:53
- Quelle psirt@autodesk.com
- CVE-Watchlists
- Unerledigt
LoginA Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files. It was fixed in PDFTron earlier than 9.0.7 version in Autodesk Navisworks 2022, and 2020.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Autodesk ≫ Navisworks Version >= 2019 < 2019.6
Autodesk ≫ Navisworks Version >= 2020 < 2020.4
Autodesk ≫ Navisworks Version >= 2021 < 2021.3
Autodesk ≫ Navisworks Version >= 2022 < 2022.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.48% | 0.378 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 4.4 | 3.4 | 6.4 |
AV:L/AC:M/Au:N/C:P/I:P/A:P
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010