CVE-2022-33888Out-of-bounds Write in Autocad

CWE-787Out-of-bounds Write3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 69.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
Autodesk AutocadAutodesk Autocad Advance SteelAutodesk Autocad Architecture+7 more
Timeline
PublishedOct 3
Latest updateOct 4

Description

A malicious crafted Dwg2Spd file when processed through Autodesk DWG application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages10 packages

NVDautodesk/autocad20222022.1.3+1
NVDautodesk/autocad_lt20222022.1.3+1
NVDautodesk/autocad_mep20222022.1.3+1
NVDautodesk/autocad_map_3d20222022.1.3+1
NVDautodesk/autocad_civil_3d20222022.1.3+1

🔴Vulnerability Details

2
GHSA
GHSA-v3f7-qhf3-wmpw: A malicious crafted Dwg2Spd file when processed through Autodesk DWG application could lead to memory corruption vulnerability by write access violati2022-10-04
CVEList
CVE-2022-33888: A malicious crafted Dwg2Spd file when processed through Autodesk DWG application could lead to memory corruption vulnerability by write access violati2022-10-03
CVE-2022-33888 — Out-of-bounds Write in Autocad | cvebase