CVE-2022-27529

EPSS 0.37%
Veröffentlicht 18.04.2022 17:15:16
Zuletzt bearbeitet 21.11.2024 06:55:53
Quelle psirt@autodesk.com
CVE-Watchlists
Login
Unerledigt
Login

A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 may be used to write beyond the allocated buffer while parsing PICT, BMP, PSD or TIF file. This vulnerability may be exploited to execute arbitrary code.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Autodesk ≫ Advance Steel Version >= 2019 < 2019.1.4

Autodesk ≫ Advance Steel Version >= 2020 < 2020.1.5

Autodesk ≫ Advance Steel Version >= 2021 < 2021.1.2

Autodesk ≫ Advance Steel Version >= 2022 < 2022.1.2

Autodesk ≫ Autocad SwPlatform- Version >= 2019 < 2019.1.4

Autodesk ≫ Autocad SwPlatform- Version >= 2020 < 2020.1.5

Autodesk ≫ Autocad SwPlatform- Version >= 2021 < 2021.1.2

Autodesk ≫ Autocad SwPlatform- Version >= 2022 < 2022.1.2

Autodesk ≫ Autocad SwPlatformmacos Version >= 2022 < 2022.2.2

Autodesk ≫ Autocad Architecture Version >= 2019 < 2019.1.4

Autodesk ≫ Autocad Architecture Version >= 2020 < 2020.1.5

Autodesk ≫ Autocad Architecture Version >= 2021 < 2021.1.2

Autodesk ≫ Autocad Architecture Version >= 2022 < 2022.1.2

Autodesk ≫ Autocad Electrical Version >= 2019 < 2019.1.4

Autodesk ≫ Autocad Electrical Version >= 2020 < 2020.1.5

Autodesk ≫ Autocad Electrical Version >= 2021 < 2021.1.2

Autodesk ≫ Autocad Electrical Version >= 2022 < 2022.1.2

Autodesk ≫ Autocad Lt SwPlatform- Version >= 2019 < 2019.1.4

Autodesk ≫ Autocad Lt SwPlatform- Version >= 2020 < 2020.1.5

Autodesk ≫ Autocad Lt SwPlatform- Version >= 2021 < 2021.1.2

Autodesk ≫ Autocad Lt SwPlatform- Version >= 2022 < 2022.1.2

Autodesk ≫ Autocad Lt SwPlatformmacos Version >= 2022 < 2022.2.2

Autodesk ≫ Autocad Map 3d Version >= 2019 < 2019.1.4

Autodesk ≫ Autocad Map 3d Version >= 2020 < 2020.1.5

Autodesk ≫ Autocad Map 3d Version >= 2021 < 2021.1.2

Autodesk ≫ Autocad Map 3d Version >= 2022 < 2022.1.2

Autodesk ≫ Autocad Mechanical Version >= 2019 < 2019.1.4

Autodesk ≫ Autocad Mechanical Version >= 2020 < 2020.1.5

Autodesk ≫ Autocad Mechanical Version >= 2021 < 2021.1.2

Autodesk ≫ Autocad Mechanical Version >= 2022 < 2022.1.2

Autodesk ≫ Autocad Mep Version >= 2019 < 2019.1.4

Autodesk ≫ Autocad Mep Version >= 2020 < 2020.1.5

Autodesk ≫ Autocad Mep Version >= 2021 < 2021.1.2

Autodesk ≫ Autocad Mep Version >= 2022 < 2022.1.2

Autodesk ≫ Autocad Plant 3d Version >= 2019 < 2019.1.4

Autodesk ≫ Autocad Plant 3d Version >= 2020 < 2020.1.5

Autodesk ≫ Autocad Plant 3d Version >= 2021 < 2021.1.2

Autodesk ≫ Autocad Plant 3d Version >= 2022 < 2022.1.2

Autodesk ≫ Civil 3d Version >= 2019 < 2019.1.4

Autodesk ≫ Civil 3d Version >= 2020 < 2020.1.5

Autodesk ≫ Civil 3d Version >= 2021 < 2021.1.2

Autodesk ≫ Civil 3d Version >= 2022 < 2022.1.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.37%	0.577

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-27529

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-27529

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-27529

EUVD