CVE-2022-41310 — Out-of-bounds Write in Autocad

CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 69.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Autodesk Autocad Autodesk Autocad Advance Steel Autodesk Autocad Architecture +8 more

Timeline

PublishedOct 21

Description

A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages11 packages

▶NVDautodesk/design_review2018

▶NVDautodesk/autocad5 versions+4

▶NVDautodesk/autocad_lt5 versions+4

▶NVDautodesk/autocad_mep5 versions+4

▶NVDautodesk/autocad_map_3d5 versions+4

Patches

Patch: www.autodesk.com ↗Patch: www.autodesk.com ↗

🔴Vulnerability Details

GHSA

GHSA-3xff-6435-4373: A malicious crafted↗2022-10-21

▶

CVEList

CVE-2022-41310: A malicious crafted↗2022-10-21

▶