CVE-2022-42946

CWE-125Out-of-bounds ReadCWE-787Out-of-bounds Write3 documents3 sources
Severity
7.1HIGH
EPSS
0.1%
top 67.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Autodesk Maya
Timeline
PublishedDec 19

Description

Parsing a maliciously crafted X_B and PRT file can force Autodesk Maya 2023 and 2022 to read beyond allocated buffer. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages2 packages

CVEListV5autodesk_maya2023, 2022
NVDautodesk/maya2023

🔴Vulnerability Details

2
GHSA
GHSA-fjmh-hhjx-7p2m: Parsing a maliciously crafted X_B and PRT file can force Autodesk Maya 2023 to read beyond allocated buffer2022-12-19
CVEList
CVE-2022-42946: Parsing a maliciously crafted X_B and PRT file can force Autodesk Maya 2023 and 2022 to read beyond allocated buffer2022-12-19
CVE-2022-42946 (HIGH CVSS 7.1) | Parsing a maliciously crafted X_B a | cvebase.io