7.8
CVE-2022-33886
- EPSS 0.06%
- Veröffentlicht 03.10.2022 15:15:17
- Zuletzt bearbeitet 21.11.2024 07:08:31
- Quelle psirt@autodesk.com
- CVE-Watchlists
- Unerledigt
LoginA maliciously crafted MODEL and SLDPRT file can be used to write beyond the allocated buffer while parsing through Autodesk AutoCAD 2023, 2022, 2021, 2020, and Maya 2023 and 2022. The vulnerability exists because the application fails to handle crafted MODEL and SLDPRT files, which causes an unhandled exception. A malicious actor could leverage this vulnerability to execute arbitrary code.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Autodesk ≫ Autocad Advance Steel Version >= 2022 < 2022.1.3
Autodesk ≫ Autocad Advance Steel Version >= 2023 < 2023.1.1
Autodesk ≫ Autocad Architecture Version >= 2022 < 2022.1.3
Autodesk ≫ Autocad Architecture Version >= 2023 < 2023.1.1
Autodesk ≫ Autocad Civil 3d Version >= 2022 < 2022.1.3
Autodesk ≫ Autocad Civil 3d Version >= 2023 < 2023.1.1
Autodesk ≫ Autocad Electrical Version >= 2022 < 2022.1.3
Autodesk ≫ Autocad Electrical Version >= 2023 < 2023.1.1
Autodesk ≫ Autocad Lt Version >= 2022 < 2022.1.3
Autodesk ≫ Autocad Lt Version >= 2023 < 2023.1.1
Autodesk ≫ Autocad Map 3d Version >= 2022 < 2022.1.3
Autodesk ≫ Autocad Map 3d Version >= 2023 < 2023.1.1
Autodesk ≫ Autocad Mechanical Version >= 2022 < 2022.1.3
Autodesk ≫ Autocad Mechanical Version >= 2023 < 2023.1.1
Autodesk ≫ Autocad Mep Version >= 2022 < 2022.1.3
Autodesk ≫ Autocad Mep Version >= 2023 < 2023.1.1
Autodesk ≫ Autocad Plant 3d Version >= 2022 < 2022.1.3
Autodesk ≫ Autocad Plant 3d Version >= 2023 < 2023.1.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.197 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-755 Improper Handling of Exceptional Conditions
The product does not handle or incorrectly handles an exceptional condition.