CVE-2022-25790: A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated boundaries…

high7.8CVSS 3.1

AVLACLPRNUIRSUCHIHAH

A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated boundaries when parsing the DWF files. Exploitation of this vulnerability may lead to code execution.

Affected

42 ranges· showing 25

Vendor	Product	Version range	Fixed in
autodesk	advance_steel	>= 2019 < 2019.1.4	2019.1.4
autodesk	advance_steel	>= 2020 < 2020.1.5	2020.1.5
autodesk	advance_steel	>= 2021 < 2021.1.2	2021.1.2
autodesk	advance_steel	>= 2022 < 2022.1.2	2022.1.2
autodesk	autocad	>= 2019 < 2019.1.4	2019.1.4
autodesk	autocad	>= 2020 < 2020.1.5	2020.1.5
autodesk	autocad	>= 2021 < 2021.1.2	2021.1.2
autodesk	autocad	>= 2022 < 2022.1.2	2022.1.2
autodesk	autocad	>= 2022 < 2022.2.2	2022.2.2
autodesk	autocad_architecture	>= 2019 < 2019.1.4	2019.1.4
autodesk	autocad_architecture	>= 2020 < 2020.1.5	2020.1.5
autodesk	autocad_architecture	>= 2021 < 2021.1.2	2021.1.2
autodesk	autocad_architecture	>= 2022 < 2022.1.2	2022.1.2
autodesk	autocad_electrical	>= 2019 < 2019.1.4	2019.1.4
autodesk	autocad_electrical	>= 2020 < 2020.1.5	2020.1.5
autodesk	autocad_electrical	>= 2021 < 2021.1.2	2021.1.2
autodesk	autocad_electrical	>= 2022 < 2022.1.2	2022.1.2
autodesk	autocad_lt	>= 2019 < 2019.1.4	2019.1.4
autodesk	autocad_lt	>= 2020 < 2020.1.5	2020.1.5
autodesk	autocad_lt	>= 2021 < 2021.1.2	2021.1.2
autodesk	autocad_lt	>= 2022 < 2022.1.2	2022.1.2
autodesk	autocad_map_3d	>= 2019 < 2019.1.4	2019.1.4
autodesk	autocad_map_3d	>= 2020 < 2020.1.5	2020.1.5
autodesk	autocad_map_3d	>= 2021 < 2021.1.2	2021.1.2
autodesk	autocad_map_3d	>= 2022 < 2022.1.2	2022.1.2