7.8
CVE-2022-33888
- EPSS 0.06%
- Veröffentlicht 03.10.2022 15:15:17
- Zuletzt bearbeitet 20.05.2025 15:15:47
- Quelle psirt@autodesk.com
- CVE-Watchlists
- Unerledigt
LoginA malicious crafted Dwg2Spd file when processed through Autodesk DWG application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Autodesk ≫ Autocad Advance Steel Version >= 2022 < 2022.1.3
Autodesk ≫ Autocad Advance Steel Version >= 2023 < 2023.1.1
Autodesk ≫ Autocad Architecture Version >= 2022 < 2022.1.3
Autodesk ≫ Autocad Architecture Version >= 2023 < 2023.1.1
Autodesk ≫ Autocad Civil 3d Version >= 2022 < 2022.1.3
Autodesk ≫ Autocad Civil 3d Version >= 2023 < 2023.1.1
Autodesk ≫ Autocad Electrical Version >= 2022 < 2022.1.3
Autodesk ≫ Autocad Electrical Version >= 2023 < 2023.1.1
Autodesk ≫ Autocad Lt Version >= 2022 < 2022.1.3
Autodesk ≫ Autocad Lt Version >= 2023 < 2023.1.1
Autodesk ≫ Autocad Map 3d Version >= 2022 < 2022.1.3
Autodesk ≫ Autocad Map 3d Version >= 2023 < 2023.1.1
Autodesk ≫ Autocad Mechanical Version >= 2022 < 2022.1.3
Autodesk ≫ Autocad Mechanical Version >= 2023 < 2023.1.1
Autodesk ≫ Autocad Mep Version >= 2022 < 2022.1.3
Autodesk ≫ Autocad Mep Version >= 2023 < 2023.1.1
Autodesk ≫ Autocad Plant 3d Version >= 2022 < 2022.1.3
Autodesk ≫ Autocad Plant 3d Version >= 2023 < 2023.1.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.197 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.