CVE-2022-27527 — Out-of-bounds Write in Navisworks

CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 79.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Autodesk Navisworks

Timeline

PublishedApr 19

Latest updateApr 20

Description

A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files. It was fixed in PDFTron earlier than 9.0.7 version in Autodesk Navisworks 2022, and 2020.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDautodesk/navisworks2019 — 2019.6+3

▶CVEListV5autodesk/navisworks2022, 2020

🔴Vulnerability Details

GHSA

GHSA-gq53-gwrx-3g2w: A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files↗2022-04-20

▶

CVEList

CVE-2022-27527: A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files↗2022-04-19

▶