7.8
CVE-2022-33889
- EPSS 0.06%
- Veröffentlicht 03.10.2022 15:15:17
- Zuletzt bearbeitet 21.11.2024 07:08:32
- Quelle psirt@autodesk.com
- CVE-Watchlists
- Unerledigt
LoginA maliciously crafted GIF or JPEG files when parsed through Autodesk Design Review 2018, and AutoCAD 2023 and 2022 could be used to write beyond the allocated heap buffer. This vulnerability could lead to arbitrary code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Autodesk ≫ Autocad Advance Steel Version < 2022.1.3
Autodesk ≫ Autocad Advance Steel Version >= 2023.0.0 < 2023.1.1
Autodesk ≫ Autocad Architecture Version < 2022.1.3
Autodesk ≫ Autocad Architecture Version >= 2023.0.0 < 2023.1.1
Autodesk ≫ Autocad Civil 3d Version < 2022.1.3
Autodesk ≫ Autocad Civil 3d Version >= 2023.0.0 < 2023.1.1
Autodesk ≫ Autocad Electrical Version < 2022.1.3
Autodesk ≫ Autocad Electrical Version >= 2023.0.0 < 2023.1.1
Autodesk ≫ Autocad Lt Version < 2022.1.3
Autodesk ≫ Autocad Lt Version >= 2023.0.0 < 2023.1.1
Autodesk ≫ Autocad Map 3d Version < 2022.1.3
Autodesk ≫ Autocad Map 3d Version >= 2023.0.0 < 2023.1.1
Autodesk ≫ Autocad Mechanical Version < 2022.1.3
Autodesk ≫ Autocad Mechanical Version >= 2023.0.0 < 2023.1.1
Autodesk ≫ Autocad Mep Version < 2022.1.3
Autodesk ≫ Autocad Mep Version >= 2023.0.0 < 2023.1.1
Autodesk ≫ Autocad Plant 3d Version < 2022.1.3
Autodesk ≫ Autocad Plant 3d Version >= 2023.0.0 < 2023.1.1
Autodesk ≫ Design Review Version < 2018
Autodesk ≫ Design Review Version2018 Update-
Autodesk ≫ Design Review Version2018 Updatehotfix
Autodesk ≫ Design Review Version2018 Updatehotfix2
Autodesk ≫ Design Review Version2018 Updatehotfix3
Autodesk ≫ Design Review Version2018 Updatehotfix4
Autodesk ≫ Design Review Version2018 Updatehotfix5
Autodesk ≫ Design Review Version2018 Updatehotfix6
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.196 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.