CVE-2022-27529Out-of-bounds Write in Advance Steel

CWE-787Out-of-bounds Write3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.4%
top 41.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Autodesk Advance SteelAutodesk AutocadAutodesk Autocad Architecture+7 more
Timeline
PublishedApr 18
Latest updateApr 19

Description

A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 may be used to write beyond the allocated buffer while parsing PICT, BMP, PSD or TIF file. This vulnerability may be exploited to execute arbitrary code.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages10 packages

NVDautodesk/autocad20192019.1.4+4
NVDautodesk/autocad_lt20192019.1.4+4
NVDautodesk/autocad_mep20192019.1.4+3
NVDautodesk/autocad_map_3d20192019.1.4+3
NVDautodesk/autocad_plant_3d20192019.1.4+3

🔴Vulnerability Details

2
GHSA
GHSA-236p-gvjj-h5mq: A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 may be used to write beyond the allocated buffer while par2022-04-19
CVEList
CVE-2022-27529: A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 may be used to write beyond the allocated buffer while par2022-04-18
CVE-2022-27529 — Out-of-bounds Write in Advance Steel | cvebase