CVE-2022-27532 — Out-of-bounds Write in 3DS MAX

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.3%

top 45.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Autodesk 3DS MAX

Timeline

PublishedJun 16

Latest updateJun 17

Description

A maliciously crafted TIF file in Autodesk 3ds Max 2022 and 2021 can be used to write beyond the allocated buffer while parsing TIF files. This vulnerability in conjunction with other vulnerabilities could lead to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

▶NVDautodesk/3ds_max2021 — 2021.3.8+1

🔴Vulnerability Details

GHSA

GHSA-63xm-2248-qghg: A maliciously crafted TIF file in Autodesk 3ds Max 2022 and 2021 can be used to write beyond the allocated buffer while parsing TIF files↗2022-06-17

▶

CVEList

CVE-2022-27532: A maliciously crafted TIF file in Autodesk 3ds Max 2022 and 2021 can be used to write beyond the allocated buffer while parsing TIF files↗2022-06-16

▶