CVE-2022-27871

EPSS 0.37%
Veröffentlicht 21.06.2022 15:15:08
Zuletzt bearbeitet 21.11.2024 06:56:22
Quelle psirt@autodesk.com
CVE-Watchlists
Login
Unerledigt
Login

Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. This vulnerability may be exploited to execute arbitrary code.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Autodesk ≫ 3ds Max Version2021

Autodesk ≫ 3ds Max Version2022

Autodesk ≫ Advance Steel Version2019

Autodesk ≫ Advance Steel Version2020

Autodesk ≫ Advance Steel Version2021

Autodesk ≫ Advance Steel Version2022

Autodesk ≫ Autocad Version2019

Autodesk ≫ Autocad Version2020

Autodesk ≫ Autocad Version2021

Autodesk ≫ Autocad Version2022

Autodesk ≫ Autocad Version2022 SwPlatformmacos

Autodesk ≫ Autocad Architecture Version2019

Autodesk ≫ Autocad Architecture Version2020

Autodesk ≫ Autocad Architecture Version2021

Autodesk ≫ Autocad Architecture Version2022

Autodesk ≫ Autocad Civil 3d Version2019

Autodesk ≫ Autocad Civil 3d Version2020

Autodesk ≫ Autocad Civil 3d Version2021

Autodesk ≫ Autocad Civil 3d Version2022

Autodesk ≫ Autocad Electrical Version2019

Autodesk ≫ Autocad Electrical Version2020

Autodesk ≫ Autocad Electrical Version2021

Autodesk ≫ Autocad Electrical Version2022

Autodesk ≫ Autocad Lt Version2019

Autodesk ≫ Autocad Lt Version2020

Autodesk ≫ Autocad Lt Version2021

Autodesk ≫ Autocad Lt Version2022

Autodesk ≫ Autocad Lt Version2022 SwPlatformmacos

Autodesk ≫ Autocad Map 3d Version2019

Autodesk ≫ Autocad Map 3d Version2020

Autodesk ≫ Autocad Map 3d Version2021

Autodesk ≫ Autocad Map 3d Version2022

Autodesk ≫ Autocad Mechanical Version2019

Autodesk ≫ Autocad Mechanical Version2020

Autodesk ≫ Autocad Mechanical Version2021

Autodesk ≫ Autocad Mechanical Version2022

Autodesk ≫ Autocad Mep Version2019

Autodesk ≫ Autocad Mep Version2020

Autodesk ≫ Autocad Mep Version2021

Autodesk ≫ Autocad Mep Version2022

Autodesk ≫ Autocad Plant 3d Version2019

Autodesk ≫ Autocad Plant 3d Version2020

Autodesk ≫ Autocad Plant 3d Version2021

Autodesk ≫ Autocad Plant 3d Version2022

Autodesk ≫ Design Review Version2018 Update-

Autodesk ≫ Navisworks Version2019

Autodesk ≫ Navisworks Version2020

Autodesk ≫ Navisworks Version2022

Autodesk ≫ Revit Version2020

Autodesk ≫ Revit Version2021

Autodesk ≫ Revit Version2022

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.37%	0.579

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0011

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-27871

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-27871

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-27871

EUVD