CVE-2022-42938

CWE-787Out-of-bounds Write4 documents4 sources
Severity
7.8HIGH
EPSS
0.2%
top 55.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
11
Autodesk AutocadAutodesk Autocad Advance SteelAutodesk Autocad Architecture+8 more
Timeline
PublishedOct 21

Description

A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages12 packages

CVEListV5autodesk_design_review2018, 2017, 2013, 2012, 2011
NVDautodesk/autocad5 versions+4
NVDautodesk/autocad_lt5 versions+4
NVDautodesk/autocad_mep5 versions+4

Patches

Patch: www.autodesk.comPatch: www.autodesk.com

🔴Vulnerability Details

2
CVEList
CVE-2022-42938: A malicious crafted TGA file when consumed through DesignReview2022-10-21
GHSA
GHSA-j483-m8g3-fj6h: A malicious crafted TGA file when consumed through DesignReview2022-10-21
CVE-2022-42938 (HIGH CVSS 7.8) | A malicious crafted TGA file when c | cvebase.io