CVE-2022-25797Out-of-bounds Write in DWG Trueview

CWE-787Out-of-bounds Write4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.2%
top 55.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Autodesk DWG Trueview
Timeline
PublishedApr 13
Latest updateApr 14

Description

A maliciously crafted PDF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to dereference for a write beyond the allocated buffer while parsing PDF files. The vulnerability exists because the application fails to handle a crafted PDF file, which causes an unhandled exception.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

NVDautodesk/dwg_trueview2021, 2022+1

🔴Vulnerability Details

2
GHSA
GHSA-6pm8-5qm6-2qrm: A Memory Corruption Vulnerability in Autodesk TrueView 2022 and 2021 may lead to remote code execution through maliciously crafted DWG files2022-04-14
CVEList
CVE-2022-25797: A maliciously crafted PDF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to dereference for a write beyond the allocated buffer while par2022-04-13
CVE-2022-25797 — Out-of-bounds Write in DWG Trueview | cvebase