CVE-2022-33886Improper Handling of Exceptional Conditions in Autocad

CWE-755Improper Handling of Exceptional Conditions3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 69.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Autodesk AutocadAutodesk Autocad Advance SteelAutodesk Autocad Architecture+7 more
Timeline
PublishedOct 3
Latest updateOct 4

Description

A maliciously crafted MODEL and SLDPRT file can be used to write beyond the allocated buffer while parsing through Autodesk AutoCAD 2023, 2022, 2021, 2020, and Maya 2023 and 2022. The vulnerability exists because the application fails to handle crafted MODEL and SLDPRT files, which causes an unhandled exception. A malicious actor could leverage this vulnerability to execute arbitrary code.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages10 packages

NVDautodesk/autocad20222022.1.3+1
NVDautodesk/autocad_lt20222022.1.3+1
NVDautodesk/autocad_mep20222022.1.3+1
NVDautodesk/autocad_map_3d20222022.1.3+1
NVDautodesk/autocad_civil_3d20222022.1.3+1

🔴Vulnerability Details

2
GHSA
GHSA-89m6-mgpf-v9cj: A maliciously crafted MODEL and SLDPRT file can be used to write beyond the allocated buffer while parsing through Autodesk AutoCAD 2023 and 20222022-10-04
CVEList
CVE-2022-33886: A maliciously crafted MODEL and SLDPRT file can be used to write beyond the allocated buffer while parsing through Autodesk AutoCAD 2023, 2022, 2021,2022-10-03
CVE-2022-33886 — Autodesk Autocad vulnerability | cvebase