CVE-2022-41306

CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

7.8HIGH

EPSS

0.1%

top 80.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Autodesk Design Review

Timeline

PublishedOct 14

Description

A maliciously crafted PCT file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDautodesk/design_review2018

▶CVEListV5autodesk®_design_review2018

Patches

Patch: www.autodesk.com ↗Patch: www.autodesk.com ↗

🔴Vulnerability Details

GHSA

GHSA-m752-mj3j-547p: A maliciously crafted PCT file when consumed through DesignReview↗2022-10-14

▶

CVEList

CVE-2022-41306: A maliciously crafted PCT file when consumed through DesignReview↗2022-10-14

▶