All the vulnerabilites related to autodesk - civil_3d
cve-2022-25790
Vulnerability from cvelistv5
Published
2022-04-11 19:37
Modified
2024-08-03 04:49
Severity ?
EPSS score ?
Summary
A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated boundaries when parsing the DWF files. Exploitation of this vulnerability may lead to code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Autodesk Navisworks, Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D |
Version: 2022.1, 2022.1.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:49:43.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Autodesk Navisworks, Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022.1, 2022.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated boundaries when parsing the DWF files. Exploitation of this vulnerability may lead to code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds Write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-11T19:37:51",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@autodesk.com",
"ID": "CVE-2022-25790",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Autodesk Navisworks, Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"version": {
"version_data": [
{
"version_value": "2022.1, 2022.1.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated boundaries when parsing the DWF files. Exploitation of this vulnerability may lead to code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005",
"refsource": "MISC",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2022-25790",
"datePublished": "2022-04-11T19:37:51",
"dateReserved": "2022-02-22T00:00:00",
"dateUpdated": "2024-08-03T04:49:43.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-7359
Vulnerability from cvelistv5
Published
2019-04-09 19:22
Modified
2024-08-04 20:46
Severity ?
EPSS score ?
Summary
An exploitable heap overflow vulnerability in the AcCellMargin handling code in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file with too many cell margins populating an AcCellMargin object may cause a heap overflow, resulting in code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Autodesk | Autodesk Advance Steel |
Version: 2018 |
||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:46.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Autodesk Advance Steel",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
},
{
"product": "Autodesk AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
},
{
"product": "Autodesk AutoCAD Architecture",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
},
{
"product": "Autodesk AutoCAD Electrical",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
},
{
"product": "Autodesk AutoCAD Map 3D",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
},
{
"product": "Autodesk AutoCAD Mechanical",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
},
{
"product": "Autodesk AutoCAD MEP",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
},
{
"product": "Autodesk AutoCAD P\u0026ID",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
},
{
"product": "Autodesk AutoCAD Plant 3D",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
},
{
"product": "Autodesk AutoCAD LT",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
},
{
"product": "Autodesk Civil 3D",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exploitable heap overflow vulnerability in the AcCellMargin handling code in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P\u0026ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file with too many cell margins populating an AcCellMargin object may cause a heap overflow, resulting in code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use After Free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-13T16:26:16",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@autodesk.com",
"ID": "CVE-2019-7359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Autodesk Advance Steel",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
},
{
"product_name": "Autodesk AutoCAD",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
},
{
"product_name": "Autodesk AutoCAD Architecture",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
},
{
"product_name": "Autodesk AutoCAD Electrical",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
},
{
"product_name": "Autodesk AutoCAD Map 3D",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
},
{
"product_name": "Autodesk AutoCAD Mechanical",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
},
{
"product_name": "Autodesk AutoCAD MEP",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
},
{
"product_name": "Autodesk AutoCAD P\u0026ID",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
},
{
"product_name": "Autodesk AutoCAD Plant 3D",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
},
{
"product_name": "Autodesk AutoCAD LT",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
},
{
"product_name": "Autodesk Civil 3D",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
}
]
},
"vendor_name": "Autodesk"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable heap overflow vulnerability in the AcCellMargin handling code in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P\u0026ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file with too many cell margins populating an AcCellMargin object may cause a heap overflow, resulting in code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001",
"refsource": "MISC",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2019-7359",
"datePublished": "2019-04-09T19:22:56",
"dateReserved": "2019-02-04T00:00:00",
"dateUpdated": "2024-08-04T20:46:46.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-25792
Vulnerability from cvelistv5
Published
2022-04-11 19:37
Modified
2024-08-03 04:49
Severity ?
EPSS score ?
Summary
A maliciously crafted DXF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. This vulnerability can be exploited to execute arbitrary code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D |
Version: 2022.1.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:49:43.219Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted DXF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. This vulnerability can be exploited to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-11T19:37:52",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@autodesk.com",
"ID": "CVE-2022-25792",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"version": {
"version_data": [
{
"version_value": "2022.1.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A maliciously crafted DXF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. This vulnerability can be exploited to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005",
"refsource": "MISC",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2022-25792",
"datePublished": "2022-04-11T19:37:52",
"dateReserved": "2022-02-22T00:00:00",
"dateUpdated": "2024-08-03T04:49:43.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-40158
Vulnerability from cvelistv5
Published
2022-01-25 00:00
Modified
2024-08-04 02:27
Severity ?
EPSS score ?
Summary
A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 and AutoCAD 2022 may be forced to read beyond allocated boundaries when parsing the JT file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.854Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-287/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-283/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-288/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-286/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-284/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-285/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-281/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-449/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-441/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-453/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-444/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-447/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-448/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-452/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-445/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-466/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-451/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-454/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-443/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-450/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-455/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Inventor",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022, 2021, 2020, 2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 and AutoCAD 2022 may be forced to read beyond allocated boundaries when parsing the JT file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds Read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-287/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-283/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-288/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-286/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-284/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-285/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-281/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-449/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-441/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-453/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-444/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-447/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-448/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-452/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-445/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-466/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-451/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-454/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-443/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-450/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-455/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2021-40158",
"datePublished": "2022-01-25T00:00:00",
"dateReserved": "2021-08-27T00:00:00",
"dateUpdated": "2024-08-04T02:27:31.854Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-25789
Vulnerability from cvelistv5
Published
2022-04-11 19:37
Modified
2024-08-03 04:49
Severity ?
EPSS score ?
Summary
A maliciously crafted DWF, 3DS and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D |
Version: 2022.1.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:49:43.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted DWF, 3DS and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use-after-free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-11T19:37:50",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@autodesk.com",
"ID": "CVE-2022-25789",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"version": {
"version_data": [
{
"version_value": "2022.1.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A maliciously crafted DWF, 3DS and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-after-free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005",
"refsource": "MISC",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2022-25789",
"datePublished": "2022-04-11T19:37:50",
"dateReserved": "2022-02-22T00:00:00",
"dateUpdated": "2024-08-03T04:49:43.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-7358
Vulnerability from cvelistv5
Published
2019-04-09 19:22
Modified
2024-08-04 20:46
Severity ?
EPSS score ?
Summary
An exploitable heap overflow vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file may cause a heap overflow, resulting in code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Autodesk | Autodesk AutoCAD LT |
Version: 2018 |
||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:46.191Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Autodesk AutoCAD LT",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
},
{
"product": "Autodesk Civil 3D",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
},
{
"product": "Autodesk Advance Steel",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
},
{
"product": "Autodesk AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
},
{
"product": "Autodesk AutoCAD Architecture",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
},
{
"product": "Autodesk AutoCAD Electrical",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
},
{
"product": "Autodesk AutoCAD Map 3D",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
},
{
"product": "Autodesk AutoCAD Mechanical",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
},
{
"product": "Autodesk AutoCAD MEP",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
},
{
"product": "Autodesk AutoCAD P\u0026ID",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
},
{
"product": "Autodesk AutoCAD Plant 3D",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exploitable heap overflow vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P\u0026ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file may cause a heap overflow, resulting in code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-09T19:22:39",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@autodesk.com",
"ID": "CVE-2019-7358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Autodesk AutoCAD LT",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
},
{
"product_name": "Autodesk Civil 3D",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
},
{
"product_name": "Autodesk Advance Steel",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
},
{
"product_name": "Autodesk AutoCAD",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
},
{
"product_name": "Autodesk AutoCAD Architecture",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
},
{
"product_name": "Autodesk AutoCAD Electrical",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
},
{
"product_name": "Autodesk AutoCAD Map 3D",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
},
{
"product_name": "Autodesk AutoCAD Mechanical",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
},
{
"product_name": "Autodesk AutoCAD MEP",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
},
{
"product_name": "Autodesk AutoCAD P\u0026ID",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
},
{
"product_name": "Autodesk AutoCAD Plant 3D",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
}
]
},
"vendor_name": "Autodesk"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable heap overflow vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P\u0026ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file may cause a heap overflow, resulting in code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001",
"refsource": "MISC",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2019-7358",
"datePublished": "2019-04-09T19:22:39",
"dateReserved": "2019-02-04T00:00:00",
"dateUpdated": "2024-08-04T20:46:46.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-40160
Vulnerability from cvelistv5
Published
2021-12-23 18:31
Modified
2024-08-04 02:27
Severity ?
EPSS score ?
Summary
PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.871Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Revit, Navisworks, Autodesk\u00ae Advance Steel, AutoCAD\u00ae, AutoCAD\u00ae Architecture, AutoCAD\u00ae Electrical, AutoCAD\u00ae Map 3D, AutoCAD\u00ae Mechanical, AutoCAD\u00ae MEP, AutoCAD\u00ae Plant 3D, AutoCAD\u00ae LT, Autodesk\u00ae Civil 3D, AutoCAD\u00ae Mac, AutoCAD\u00ae LT for Mac",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "prior to 9.0.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bound Read Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-18T16:20:48",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@autodesk.com",
"ID": "CVE-2021-40160",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Revit, Navisworks, Autodesk\u00ae Advance Steel, AutoCAD\u00ae, AutoCAD\u00ae Architecture, AutoCAD\u00ae Electrical, AutoCAD\u00ae Map 3D, AutoCAD\u00ae Mechanical, AutoCAD\u00ae MEP, AutoCAD\u00ae Plant 3D, AutoCAD\u00ae LT, Autodesk\u00ae Civil 3D, AutoCAD\u00ae Mac, AutoCAD\u00ae LT for Mac",
"version": {
"version_data": [
{
"version_value": "prior to 9.0.7"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bound Read Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010",
"refsource": "MISC",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2021-40160",
"datePublished": "2021-12-23T18:31:31",
"dateReserved": "2021-08-27T00:00:00",
"dateUpdated": "2024-08-04T02:27:31.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-27040
Vulnerability from cvelistv5
Published
2021-06-25 12:41
Modified
2024-08-03 20:40
Severity ?
EPSS score ?
Summary
A maliciously crafted DWG file can be forced to read beyond allocated boundaries when parsing the DWG file. This vulnerability can be exploited to execute arbitrary code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004 | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-21-1238/ | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-21-1236/ | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-22-378/ | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-22-473/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D |
Version: 2022, 2021, 2020, 2019 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:40:46.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1238/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1236/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-378/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-473/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022, 2021, 2020, 2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted DWG file can be forced to read beyond allocated boundaries when parsing the DWG file. This vulnerability can be exploited to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bound Read Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-07T16:06:28",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1238/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1236/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-378/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-473/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@autodesk.com",
"ID": "CVE-2021-27040",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"version": {
"version_data": [
{
"version_value": "2022, 2021, 2020, 2019"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A maliciously crafted DWG file can be forced to read beyond allocated boundaries when parsing the DWG file. This vulnerability can be exploited to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bound Read Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004",
"refsource": "MISC",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1238/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1238/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1236/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1236/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-378/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-378/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-22-473/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-473/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2021-27040",
"datePublished": "2021-06-25T12:41:07",
"dateReserved": "2021-02-09T00:00:00",
"dateUpdated": "2024-08-03T20:40:46.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-25791
Vulnerability from cvelistv5
Published
2022-04-11 19:37
Modified
2024-08-03 04:49
Severity ?
EPSS score ?
Summary
A Memory Corruption vulnerability for DWF and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 may lead to code execution through maliciously crafted DLL files.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D |
Version: 2022.1.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:49:43.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Memory Corruption vulnerability for DWF and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 may lead to code execution through maliciously crafted DLL files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Memory Corruption ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-11T19:37:51",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@autodesk.com",
"ID": "CVE-2022-25791",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"version": {
"version_data": [
{
"version_value": "2022.1.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Memory Corruption vulnerability for DWF and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 may lead to code execution through maliciously crafted DLL files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005",
"refsource": "MISC",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2022-25791",
"datePublished": "2022-04-11T19:37:51",
"dateReserved": "2022-02-22T00:00:00",
"dateUpdated": "2024-08-03T04:49:43.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-27042
Vulnerability from cvelistv5
Published
2021-06-25 12:41
Modified
2024-08-03 20:40
Severity ?
EPSS score ?
Summary
A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. The vulnerability exists because the application fails to handle a crafted DWG file, which causes an unhandled exception. An attacker can leverage this vulnerability to execute arbitrary code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D |
Version: 2022.1.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:40:47.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. The vulnerability exists because the application fails to handle a crafted DWG file, which causes an unhandled exception. An attacker can leverage this vulnerability to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Memory Corruption Vulnerability ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T17:06:06",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@autodesk.com",
"ID": "CVE-2021-27042",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"version": {
"version_data": [
{
"version_value": "2022.1.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. The vulnerability exists because the application fails to handle a crafted DWG file, which causes an unhandled exception. An attacker can leverage this vulnerability to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption Vulnerability "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007",
"refsource": "MISC",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2021-27042",
"datePublished": "2021-06-25T12:41:19",
"dateReserved": "2021-02-09T00:00:00",
"dateUpdated": "2024-08-03T20:40:47.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-7361
Vulnerability from cvelistv5
Published
2019-04-09 19:22
Modified
2024-08-04 20:46
Severity ?
EPSS score ?
Summary
An attacker may convince a victim to open a malicious action micro (.actm) file that has serialized data, which may trigger a code execution in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Autodesk | Autodesk Civil 3D |
Version: 2018 |
||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:46.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Autodesk Civil 3D",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
},
{
"product": "Autodesk Advance Steel",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
},
{
"product": "Autodesk AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
},
{
"product": "Autodesk AutoCAD Architecture",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
},
{
"product": "Autodesk AutoCAD Electrical",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
},
{
"product": "Autodesk AutoCAD Map 3D",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
},
{
"product": "Autodesk AutoCAD Mechanical",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
},
{
"product": "Autodesk AutoCAD MEP",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
},
{
"product": "Autodesk AutoCAD P\u0026ID",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
},
{
"product": "Autodesk AutoCAD Plant 3D",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
},
{
"product": "Autodesk AutoCAD LT",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An attacker may convince a victim to open a malicious action micro (.actm) file that has serialized data, which may trigger a code execution in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P\u0026ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Deserialization of Untrusted Data",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-09T19:22:15",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@autodesk.com",
"ID": "CVE-2019-7361",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Autodesk Civil 3D",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
},
{
"product_name": "Autodesk Advance Steel",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
},
{
"product_name": "Autodesk AutoCAD",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
},
{
"product_name": "Autodesk AutoCAD Architecture",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
},
{
"product_name": "Autodesk AutoCAD Electrical",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
},
{
"product_name": "Autodesk AutoCAD Map 3D",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
},
{
"product_name": "Autodesk AutoCAD Mechanical",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
},
{
"product_name": "Autodesk AutoCAD MEP",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
},
{
"product_name": "Autodesk AutoCAD P\u0026ID",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
},
{
"product_name": "Autodesk AutoCAD Plant 3D",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
},
{
"product_name": "Autodesk AutoCAD LT",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
}
]
},
"vendor_name": "Autodesk"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker may convince a victim to open a malicious action micro (.actm) file that has serialized data, which may trigger a code execution in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P\u0026ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001",
"refsource": "MISC",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2019-7361",
"datePublished": "2019-04-09T19:22:15",
"dateReserved": "2019-02-04T00:00:00",
"dateUpdated": "2024-08-04T20:46:46.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-40161
Vulnerability from cvelistv5
Published
2021-12-23 18:31
Modified
2024-08-04 02:27
Severity ?
EPSS score ?
Summary
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Revit, Navisworks, Autodesk\u00ae Advance Steel, AutoCAD\u00ae, AutoCAD\u00ae Architecture, AutoCAD\u00ae Electrical, AutoCAD\u00ae Map 3D, AutoCAD\u00ae Mechanical, AutoCAD\u00ae MEP, AutoCAD\u00ae Plant 3D, AutoCAD\u00ae LT, Autodesk\u00ae Civil 3D, AutoCAD\u00ae Mac, AutoCAD\u00ae LT for Mac",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "prior to 9.0.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Memory Corruption Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-18T16:20:49",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@autodesk.com",
"ID": "CVE-2021-40161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Revit, Navisworks, Autodesk\u00ae Advance Steel, AutoCAD\u00ae, AutoCAD\u00ae Architecture, AutoCAD\u00ae Electrical, AutoCAD\u00ae Map 3D, AutoCAD\u00ae Mechanical, AutoCAD\u00ae MEP, AutoCAD\u00ae Plant 3D, AutoCAD\u00ae LT, Autodesk\u00ae Civil 3D, AutoCAD\u00ae Mac, AutoCAD\u00ae LT for Mac",
"version": {
"version_data": [
{
"version_value": "prior to 9.0.7"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010",
"refsource": "MISC",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2021-40161",
"datePublished": "2021-12-23T18:31:43",
"dateReserved": "2021-08-27T00:00:00",
"dateUpdated": "2024-08-04T02:27:31.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-27043
Vulnerability from cvelistv5
Published
2021-06-25 12:41
Modified
2024-08-03 20:40
Severity ?
EPSS score ?
Summary
An Arbitrary Address Write issue in the Autodesk DWG application can allow a malicious user to leverage the application to write in unexpected paths. In order to exploit this the attacker would need the victim to enable full page heap in the application.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D |
Version: 2022.1.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:40:47.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Arbitrary Address Write issue in the Autodesk DWG application can allow a malicious user to leverage the application to write in unexpected paths. In order to exploit this the attacker would need the victim to enable full page heap in the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Write-what-where Condition Vulnerabiliity",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T17:06:07",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@autodesk.com",
"ID": "CVE-2021-27043",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"version": {
"version_data": [
{
"version_value": "2022.1.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Arbitrary Address Write issue in the Autodesk DWG application can allow a malicious user to leverage the application to write in unexpected paths. In order to exploit this the attacker would need the victim to enable full page heap in the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Write-what-where Condition Vulnerabiliity"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007",
"refsource": "MISC",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2021-27043",
"datePublished": "2021-06-25T12:41:26",
"dateReserved": "2021-02-09T00:00:00",
"dateUpdated": "2024-08-03T20:40:47.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-27041
Vulnerability from cvelistv5
Published
2021-06-25 12:41
Modified
2024-08-03 20:40
Severity ?
EPSS score ?
Summary
A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D |
Version: 2022.1.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:40:47.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bound Write Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-13T17:06:06",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@autodesk.com",
"ID": "CVE-2021-27041",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"version": {
"version_data": [
{
"version_value": "2022.1.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bound Write Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007",
"refsource": "MISC",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2021-27041",
"datePublished": "2021-06-25T12:41:13",
"dateReserved": "2021-02-09T00:00:00",
"dateUpdated": "2024-08-03T20:40:47.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-27530
Vulnerability from cvelistv5
Published
2022-04-18 16:20
Modified
2024-08-03 05:32
Severity ?
EPSS score ?
Summary
A maliciously crafted TIF or PICT file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. This vulnerability may be exploited to execute arbitrary code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D |
Version: 2022, 2021, 2020, 2019 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.969Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022, 2021, 2020, 2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted TIF or PICT file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. This vulnerability may be exploited to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow Write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-18T16:20:28",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@autodesk.com",
"ID": "CVE-2022-27530",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"version": {
"version_data": [
{
"version_value": "2022, 2021, 2020, 2019"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A maliciously crafted TIF or PICT file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. This vulnerability may be exploited to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004",
"refsource": "MISC",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2022-27530",
"datePublished": "2022-04-18T16:20:28",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-08-03T05:32:59.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-8587
Vulnerability from cvelistv5
Published
2024-10-29 21:03
Modified
2024-12-16 05:50
Severity ?
EPSS score ?
Summary
A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Heap Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8587",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T13:51:55.963535Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T15:03:53.927Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpe": [
"cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Heap Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
}
],
"value": "A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Heap Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T05:50:35.741Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Autodesk AutoCAD SLDPRT File Parsing Heap-based Buffer Overflow Code Execution Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-8587",
"datePublished": "2024-10-29T21:03:58.156Z",
"dateReserved": "2024-09-09T03:01:59.536Z",
"dateUpdated": "2024-12-16T05:50:35.741Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-7364
Vulnerability from cvelistv5
Published
2019-08-23 19:36
Modified
2024-08-04 20:46
Severity ?
EPSS score ?
Summary
DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D and version 2017 of AutoCAD P&ID. An attacker may trick a user into opening a malicious DWG file that may leverage a DLL preloading vulnerability in AutoCAD which may result in code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0002 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D, AutoCAD P&ID |
Version: 2017, 2018, 2019, 2020 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:46.182Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D, AutoCAD P\u0026ID",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2017, 2018, 2019, 2020"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D and version 2017 of AutoCAD P\u0026ID. An attacker may trick a user into opening a malicious DWG file that may leverage a DLL preloading vulnerability in AutoCAD which may result in code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DLL preloading vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-23T19:36:17",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0002"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@autodesk.com",
"ID": "CVE-2019-7364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D, AutoCAD P\u0026ID",
"version": {
"version_data": [
{
"version_value": "2017, 2018, 2019, 2020"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D and version 2017 of AutoCAD P\u0026ID. An attacker may trick a user into opening a malicious DWG file that may leverage a DLL preloading vulnerability in AutoCAD which may result in code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL preloading vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0002",
"refsource": "CONFIRM",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0002"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2019-7364",
"datePublished": "2019-08-23T19:36:17",
"dateReserved": "2019-02-04T00:00:00",
"dateUpdated": "2024-08-04T20:46:46.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-7360
Vulnerability from cvelistv5
Published
2019-04-09 19:21
Modified
2024-08-04 20:46
Severity ?
EPSS score ?
Summary
An exploitable use-after-free vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file may trigger a use-after-free, resulting in code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Autodesk | Autodesk Civil 3D |
Version: 2018 |
||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:46.198Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Autodesk Civil 3D",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
},
{
"product": "Autodesk Advance Steel",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
},
{
"product": "Autodesk AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
},
{
"product": "Autodesk AutoCAD Architecture",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
},
{
"product": "Autodesk AutoCAD Electrical",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
},
{
"product": "Autodesk AutoCAD Map 3D",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
},
{
"product": "Autodesk AutoCAD Mechanical",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
},
{
"product": "Autodesk AutoCAD MEP",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
},
{
"product": "Autodesk AutoCAD P\u0026ID",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
},
{
"product": "Autodesk AutoCAD Plant 3D",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
},
{
"product": "Autodesk AutoCAD LT",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2018"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exploitable use-after-free vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P\u0026ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file may trigger a use-after-free, resulting in code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-13T16:32:48",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@autodesk.com",
"ID": "CVE-2019-7360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Autodesk Civil 3D",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
},
{
"product_name": "Autodesk Advance Steel",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
},
{
"product_name": "Autodesk AutoCAD",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
},
{
"product_name": "Autodesk AutoCAD Architecture",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
},
{
"product_name": "Autodesk AutoCAD Electrical",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
},
{
"product_name": "Autodesk AutoCAD Map 3D",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
},
{
"product_name": "Autodesk AutoCAD Mechanical",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
},
{
"product_name": "Autodesk AutoCAD MEP",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
},
{
"product_name": "Autodesk AutoCAD P\u0026ID",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
},
{
"product_name": "Autodesk AutoCAD Plant 3D",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
},
{
"product_name": "Autodesk AutoCAD LT",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
}
]
},
"vendor_name": "Autodesk"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable use-after-free vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P\u0026ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file may trigger a use-after-free, resulting in code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001",
"refsource": "MISC",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2019-7360",
"datePublished": "2019-04-09T19:21:46",
"dateReserved": "2019-02-04T00:00:00",
"dateUpdated": "2024-08-04T20:46:46.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-25788
Vulnerability from cvelistv5
Published
2022-04-19 20:26
Modified
2024-08-03 04:49
Severity ?
EPSS score ?
Summary
A maliciously crafted JT file in Autodesk AutoCAD 2022 may be used to write beyond the allocated buffer while parsing JT files. This vulnerability can be exploited to execute arbitrary code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D |
Version: 2022.1.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:49:43.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted JT file in Autodesk AutoCAD 2022 may be used to write beyond the allocated buffer while parsing JT files. This vulnerability can be exploited to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bound Write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T20:26:31",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@autodesk.com",
"ID": "CVE-2022-25788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"version": {
"version_data": [
{
"version_value": "2022.1.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A maliciously crafted JT file in Autodesk AutoCAD 2022 may be used to write beyond the allocated buffer while parsing JT files. This vulnerability can be exploited to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bound Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002",
"refsource": "MISC",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2022-25788",
"datePublished": "2022-04-19T20:26:31",
"dateReserved": "2022-02-22T00:00:00",
"dateUpdated": "2024-08-03T04:49:43.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-40159
Vulnerability from cvelistv5
Published
2022-01-25 00:00
Modified
2024-08-04 02:27
Severity ?
EPSS score ?
Summary
An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022, 2021, 2020, 2019 in conjunction with other vulnerabilities may lead to code execution through maliciously crafted JT files in the context of the current process.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-282/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-289/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Inventor",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022, 2021, 2020, 2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022, 2021, 2020, 2019 in conjunction with other vulnerabilities may lead to code execution through maliciously crafted JT files in the context of the current process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-282/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-289/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2021-40159",
"datePublished": "2022-01-25T00:00:00",
"dateReserved": "2021-08-27T00:00:00",
"dateUpdated": "2024-08-04T02:27:31.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-27529
Vulnerability from cvelistv5
Published
2022-04-18 16:20
Modified
2024-08-03 05:32
Severity ?
EPSS score ?
Summary
A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 may be used to write beyond the allocated buffer while parsing PICT, BMP, PSD or TIF file. This vulnerability may be exploited to execute arbitrary code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D |
Version: 2022, 2021, 2020, 2019 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:58.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022, 2021, 2020, 2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 may be used to write beyond the allocated buffer while parsing PICT, BMP, PSD or TIF file. This vulnerability may be exploited to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds Write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-18T16:20:27",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@autodesk.com",
"ID": "CVE-2022-27529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"version": {
"version_data": [
{
"version_value": "2022, 2021, 2020, 2019"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 may be used to write beyond the allocated buffer while parsing PICT, BMP, PSD or TIF file. This vulnerability may be exploited to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004",
"refsource": "MISC",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2022-27529",
"datePublished": "2022-04-18T16:20:27",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-08-03T05:32:58.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2019-04-09 20:30
Modified
2024-11-21 04:48
Severity ?
Summary
An attacker may convince a victim to open a malicious action micro (.actm) file that has serialized data, which may trigger a code execution in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | advance_steel | 2018 | |
| autodesk | autocad | 2018 | |
| autodesk | autocad_architecture | 2018 | |
| autodesk | autocad_electrical | 2018 | |
| autodesk | autocad_lt | 2018 | |
| autodesk | autocad_map_3d | 2018 | |
| autodesk | autocad_mechanical | 2018 | |
| autodesk | autocad_mep | 2018 | |
| autodesk | autocad_p\&id | 2018 | |
| autodesk | autocad_plant_3d | 2018 | |
| autodesk | civil_3d | 2018 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "461B3C59-740C-4530-80DA-23DD38A0EEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "4C2610D4-81E7-4B85-9147-C3F24895EDB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "ECDE64CF-3527-4C9A-9672-E2FA3BCC8B65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "FC2B0DF8-8827-4CF2-94F1-D2871FA5095F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "85BF0890-5AE7-46BA-8FD4-667B20081A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "F4C4F749-A0C3-4C25-B5FC-CE3E49AFF8F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "E34DF2FB-6A4F-4060-9DE4-EE635D9056E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "BA943872-F736-4EC2-8328-9AABCAE08154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_p\\\u0026id:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "B80C406D-9E82-4B2B-8065-FEB797DE65B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "68F6B255-EE77-48BA-AEEE-9395C85BF274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "2692C0E3-9A82-42BA-A80D-8A0D72FD3164",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An attacker may convince a victim to open a malicious action micro (.actm) file that has serialized data, which may trigger a code execution in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P\u0026ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018."
},
{
"lang": "es",
"value": "Un atacante puede convencer a una v\u00edctima para abrir un archivo micro de acci\u00f3n maliciosa (.actm) que tiene datos serializados, lo que puede desencadenar una ejecuci\u00f3n de c\u00f3digo en Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P \u0026 ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018 y Autodesk Civil 3D 2018."
}
],
"id": "CVE-2019-7361",
"lastModified": "2024-11-21T04:48:05.923",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-09T20:30:21.383",
"references": [
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 06:55
Severity ?
Summary
A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 may be used to write beyond the allocated buffer while parsing PICT, BMP, PSD or TIF file. This vulnerability may be exploited to execute arbitrary code.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "395D75D7-FE8C-461D-8642-98BE81AA5277",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "525AD44E-386E-42C9-8B2E-90F29855DF4A",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CDC63B1-6EA4-48C6-998A-A86A82A74BD4",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1BE9431-DC86-4ABB-8EE2-9FADA3B0AEBA",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:-:*:*",
"matchCriteriaId": "41A08A1E-5CC8-4F1A-8485-871366315BAC",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:-:*:*",
"matchCriteriaId": "A8B6181F-DFD8-4105-B277-95729F8EF34F",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:-:*:*",
"matchCriteriaId": "B234B44D-C528-4213-AE32-DEED2EC472F1",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:-:*:*",
"matchCriteriaId": "E3116E10-FB93-4EC7-957E-B130FE5153BF",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "8357611C-929E-407C-B4C8-6ED926E513C6",
"versionEndExcluding": "2022.2.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9338B09-BCD8-4E67-A331-1B8D5FB5DA24",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F616B84F-B471-43B9-BC5D-BA6CCE461F56",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD0B37E9-4987-4B96-9B31-6168961E1496",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9466EE6-83C9-492F-8486-F3E6C1DD9F5A",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86CF88E0-A49D-4528-8135-6BE5C9E5DD7C",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E716111F-273B-48DF-ADEA-44BADE5E7FEB",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71FA0271-BE55-48AD-B88D-34645684E9DE",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD91E39-A3D8-4806-A778-608FD6C29BB2",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:-:*:*",
"matchCriteriaId": "04AF77FA-C980-47ED-B4C5-EEA965D425DF",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:-:*:*",
"matchCriteriaId": "F5783F63-D6BF-44BB-8001-3134D4CD5CF0",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:-:*:*",
"matchCriteriaId": "3E1AB702-ABBD-4110-9B27-F4C2EC3F6A00",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:-:*:*",
"matchCriteriaId": "0DC17B10-E6E8-4D49-BDEF-DBC5097580C9",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "EEC464C9-D741-41B4-B460-B4305BCD83FA",
"versionEndExcluding": "2022.2.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "230F8974-9613-4B58-8621-67CCE81E208C",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9184783-2476-4ED0-9F05-CA2AC68446B3",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "752B8F1C-54E3-4985-97A4-86FBF13E6BFD",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "120326C3-E212-4341-A25D-BC3DD50CF228",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF0FCE36-8A0F-4CDB-86B3-D8F7875511FD",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BAA6D71-2B11-4490-A1C4-652347582EF6",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F78C528-605C-46F3-8CF0-828B682745B3",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B117299A-C5FE-419F-9C1C-DF58A2772055",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1075AC6C-C9E1-45EA-B371-B06235C6AA86",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBC04C9D-9E69-4CB7-BF7A-D3B8C0670114",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E140DC9-7000-48ED-A5C7-B23023DFB199",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC178212-E440-46E9-9F00-60A5516D4D72",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C71A1AD7-4651-4FA9-9114-023E07DCB285",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2A2E5FC-9717-47C1-A223-F90DC572DAB0",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "984491F0-8303-4C6C-B884-00C032D797DD",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7ED0DB1D-6F37-4C1B-B55E-42F3A4E34299",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6929C4B1-27A0-4595-ABB6-48BB7F03A3EB",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE4E278B-360E-4F00-8479-9531EB417269",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "577AEF72-23CC-45D9-B391-8A3D79DAB5BA",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82C21398-6A86-4E56-A98E-E80FFCC6732E",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 may be used to write beyond the allocated buffer while parsing PICT, BMP, PSD or TIF file. This vulnerability may be exploited to execute arbitrary code."
},
{
"lang": "es",
"value": "Un archivo PICT, BMP, PSD o TIF dise\u00f1ado de forma maliciosa en Autodesk AutoCAD versiones 2022, 2021, 2020, 2019, puede usarse para escribir m\u00e1s all\u00e1 del b\u00fafer asignado mientras es analizado un archivo PICT, BMP, PSD o TIF. Esta vulnerabilidad puede ser explotada para ejecutar c\u00f3digo arbitrario"
}
],
"id": "CVE-2022-27529",
"lastModified": "2024-11-21T06:55:53.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-18T17:15:16.897",
"references": [
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-06-25 13:15
Modified
2024-11-21 05:57
Severity ?
Summary
A maliciously crafted DWG file can be forced to read beyond allocated boundaries when parsing the DWG file. This vulnerability can be exploited to execute arbitrary code.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC0E547-C366-4A0E-95DE-EC420492E698",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8319413-E093-4931-B2DB-A46522DF93C9",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B350B87-23EC-44F8-9A5F-9AC815E15BD9",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CAE14E69-8BCB-4E00-8BAB-CB7F1688DC27",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A084A960-35D8-4B9C-87DE-0213CA40CAD8",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20EE0BDC-3A97-4CD4-A232-922F8D613856",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDD2042-5313-4658-AA4E-109684E91C43",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE031BD1-9F02-44C2-865E-2011511B36F5",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A51CDDA-0D83-4331-9AB6-F6ED076157F6",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "143F8B16-E253-477E-9875-94928BE5596B",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "607A4804-A286-4237-82C3-8BE98662AE20",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "967B286E-5E73-47E3-BC2F-951E26720370",
"versionEndIncluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64C50E3E-8EFA-4B0D-B284-CF8FE4129866",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBD4F808-CA46-4A8E-82DD-6D1A82DDF91C",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFD09E68-2C34-4E76-9B67-868FA6E825A6",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08BC587D-E4C7-4758-8AF5-1970892C35C8",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "282A07AC-8D43-4580-8D2E-8E30370049F3",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E37E4967-AC88-42D6-98C2-1BA63F20BD5C",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49512EB3-DE17-45FF-AB90-2966462A9C3C",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01A870BA-E78E-4975-BF6D-7D410BE8CD6C",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EF85630-3DDC-4026-AC5A-F1B197F98C9E",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5309100-B3E9-4144-AEA3-B9030E93FD78",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "954682D1-2E7A-4EAB-B4B8-43E2038EB7C7",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1016D7F3-2780-4412-A7AA-361B44A8632E",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3D0B0D7-FC6F-43D8-85AA-AC0BD464E5A1",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF6DF983-6772-45D4-A82A-EE1BB2EEFD4F",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7ABD866-E08B-42F3-A19A-5574563AA540",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6716F29E-FBA2-4178-A8AE-269D9CC5AC59",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "372905FF-2C9B-4366-BE56-36CACDA63BCD",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2F1DCEB-7ABB-4109-943A-E2DEFB17D330",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA49E2B8-CBF5-4F6E-A832-D1FDB597FADE",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CF7601F-D6A3-4CD6-961D-B8B1B82E29CE",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F285B8D-585C-4C23-98FA-E09DE53C8247",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A10D9CEE-D92D-470D-928F-8F90243618EE",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0199953B-BCAC-405E-BDC6-951BEAE01570",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBDFDF50-5230-41F1-B380-AD3EC4B53DB7",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6A3326B-382B-4137-B0E7-0D54E825B717",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48F67A57-7528-406B-9BF1-6A963F732564",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "825FC323-CAE7-4B39-85AD-966980D30D89",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F430EA73-2B9F-42D9-9005-42F439ABF63C",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "713BBAEC-BE6D-40BC-9FB3-EBB906FB09BA",
"versionEndExcluding": "2022.1.1",
"versionStartIncluding": "2022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC66E916-D8A4-475B-A7E3-4E2FEF46A7B9",
"versionEndIncluding": "10.97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AAE9E820-2348-4895-9F7D-96071747109D",
"versionEndIncluding": "4.04e",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted DWG file can be forced to read beyond allocated boundaries when parsing the DWG file. This vulnerability can be exploited to execute arbitrary code."
},
{
"lang": "es",
"value": "Un archivo DWG dise\u00f1ado maliciosamente puede ser forzado a leer m\u00e1s all\u00e1 de los l\u00edmites asignados al analizar el archivo DWG. Esta vulnerabilidad puede ser explotada para ejecutar c\u00f3digo arbitrario"
}
],
"id": "CVE-2021-27040",
"lastModified": "2024-11-21T05:57:13.890",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-25T13:15:08.187",
"references": [
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1236/"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1238/"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-378/"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-473/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1236/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1238/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-378/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-473/"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-11 20:15
Modified
2024-11-21 06:53
Severity ?
Summary
A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated boundaries when parsing the DWF files. Exploitation of this vulnerability may lead to code execution.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "395D75D7-FE8C-461D-8642-98BE81AA5277",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "525AD44E-386E-42C9-8B2E-90F29855DF4A",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CDC63B1-6EA4-48C6-998A-A86A82A74BD4",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1BE9431-DC86-4ABB-8EE2-9FADA3B0AEBA",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0E84020-F179-4AF3-BF9C-6D27259B2847",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87941CE7-7F89-4A09-BBE8-A0D829273A63",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F98B75B-1471-42A7-BCDA-95F7E65B7FD1",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C5F50DF-4792-4A29-BB21-5821CA5E3A22",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "8357611C-929E-407C-B4C8-6ED926E513C6",
"versionEndExcluding": "2022.2.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9338B09-BCD8-4E67-A331-1B8D5FB5DA24",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F616B84F-B471-43B9-BC5D-BA6CCE461F56",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD0B37E9-4987-4B96-9B31-6168961E1496",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9466EE6-83C9-492F-8486-F3E6C1DD9F5A",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86CF88E0-A49D-4528-8135-6BE5C9E5DD7C",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E716111F-273B-48DF-ADEA-44BADE5E7FEB",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71FA0271-BE55-48AD-B88D-34645684E9DE",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD91E39-A3D8-4806-A778-608FD6C29BB2",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77A1562A-07B8-4130-B319-1BE2800D8771",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E59ACB5-8745-46A8-889E-005DEA38925B",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFFE146F-4AB2-45B2-9F87-52DD8DC26B85",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D01E3771-86FD-483D-BCCB-1B1CDD4C482F",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "230F8974-9613-4B58-8621-67CCE81E208C",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9184783-2476-4ED0-9F05-CA2AC68446B3",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "752B8F1C-54E3-4985-97A4-86FBF13E6BFD",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "120326C3-E212-4341-A25D-BC3DD50CF228",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF0FCE36-8A0F-4CDB-86B3-D8F7875511FD",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BAA6D71-2B11-4490-A1C4-652347582EF6",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F78C528-605C-46F3-8CF0-828B682745B3",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B117299A-C5FE-419F-9C1C-DF58A2772055",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1075AC6C-C9E1-45EA-B371-B06235C6AA86",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBC04C9D-9E69-4CB7-BF7A-D3B8C0670114",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E140DC9-7000-48ED-A5C7-B23023DFB199",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC178212-E440-46E9-9F00-60A5516D4D72",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C71A1AD7-4651-4FA9-9114-023E07DCB285",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2A2E5FC-9717-47C1-A223-F90DC572DAB0",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "984491F0-8303-4C6C-B884-00C032D797DD",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7ED0DB1D-6F37-4C1B-B55E-42F3A4E34299",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6929C4B1-27A0-4595-ABB6-48BB7F03A3EB",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE4E278B-360E-4F00-8479-9531EB417269",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "577AEF72-23CC-45D9-B391-8A3D79DAB5BA",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82C21398-6A86-4E56-A98E-E80FFCC6732E",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7AAFCE8D-C6FA-4179-BBD8-134F91261FEC",
"versionEndExcluding": "2022.2",
"versionStartIncluding": "2022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated boundaries when parsing the DWF files. Exploitation of this vulnerability may lead to code execution."
},
{
"lang": "es",
"value": "Un archivo DWF maliciosamente dise\u00f1ado en Autodesk AutoCAD versiones 2022, 2021, 2020, 2019 y Autodesk Navisworks versi\u00f3n 2022 puede usarse para escribir m\u00e1s all\u00e1 de los l\u00edmites asignados cuando son analizados los archivos DWF. Una explotaci\u00f3n de esta vulnerabilidad puede conllevar a una ejecuci\u00f3n de c\u00f3digo"
}
],
"id": "CVE-2022-25790",
"lastModified": "2024-11-21T06:53:00.433",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-11T20:15:20.503",
"references": [
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-19 21:15
Modified
2024-11-21 06:53
Severity ?
Summary
A maliciously crafted JT file in Autodesk AutoCAD 2022 may be used to write beyond the allocated buffer while parsing JT files. This vulnerability can be exploited to execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | advance_steel | * | |
| autodesk | autocad | * | |
| autodesk | autocad | * | |
| autodesk | autocad_architecture | * | |
| autodesk | autocad_electrical | * | |
| autodesk | autocad_lt | * | |
| autodesk | autocad_lt | * | |
| autodesk | autocad_map_3d | * | |
| autodesk | autocad_mechanical | * | |
| autodesk | autocad_mep | * | |
| autodesk | autocad_plant_3d | * | |
| autodesk | civil_3d | * | |
| autodesk | inventor | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1BE9431-DC86-4ABB-8EE2-9FADA3B0AEBA",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:-:*:*",
"matchCriteriaId": "E3116E10-FB93-4EC7-957E-B130FE5153BF",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "8357611C-929E-407C-B4C8-6ED926E513C6",
"versionEndExcluding": "2022.2.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9466EE6-83C9-492F-8486-F3E6C1DD9F5A",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD91E39-A3D8-4806-A778-608FD6C29BB2",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:-:*:*",
"matchCriteriaId": "0DC17B10-E6E8-4D49-BDEF-DBC5097580C9",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "EEC464C9-D741-41B4-B460-B4305BCD83FA",
"versionEndExcluding": "2022.2.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "120326C3-E212-4341-A25D-BC3DD50CF228",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B117299A-C5FE-419F-9C1C-DF58A2772055",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC178212-E440-46E9-9F00-60A5516D4D72",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7ED0DB1D-6F37-4C1B-B55E-42F3A4E34299",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82C21398-6A86-4E56-A98E-E80FFCC6732E",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D53B7E4C-4F2E-428D-A6CB-D4F2FB5865B0",
"versionEndExcluding": "2022.2",
"versionStartIncluding": "2022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted JT file in Autodesk AutoCAD 2022 may be used to write beyond the allocated buffer while parsing JT files. This vulnerability can be exploited to execute arbitrary code."
},
{
"lang": "es",
"value": "Un archivo JT malicioso en Autodesk AutoCAD versi\u00f3n 2022 puede usarse para escribir m\u00e1s all\u00e1 del b\u00fafer asignado mientras son analizados los archivos JT. Esta vulnerabilidad puede ser explotada para ejecutar c\u00f3digo arbitrario"
}
],
"id": "CVE-2022-25788",
"lastModified": "2024-11-21T06:53:00.200",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-19T21:15:18.650",
"references": [
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-06-25 13:15
Modified
2024-11-21 05:57
Severity ?
Summary
An Arbitrary Address Write issue in the Autodesk DWG application can allow a malicious user to leverage the application to write in unexpected paths. In order to exploit this the attacker would need the victim to enable full page heap in the application.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC0E547-C366-4A0E-95DE-EC420492E698",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8319413-E093-4931-B2DB-A46522DF93C9",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B350B87-23EC-44F8-9A5F-9AC815E15BD9",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CAE14E69-8BCB-4E00-8BAB-CB7F1688DC27",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A084A960-35D8-4B9C-87DE-0213CA40CAD8",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20EE0BDC-3A97-4CD4-A232-922F8D613856",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDD2042-5313-4658-AA4E-109684E91C43",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE031BD1-9F02-44C2-865E-2011511B36F5",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A51CDDA-0D83-4331-9AB6-F6ED076157F6",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "143F8B16-E253-477E-9875-94928BE5596B",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "607A4804-A286-4237-82C3-8BE98662AE20",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "967B286E-5E73-47E3-BC2F-951E26720370",
"versionEndIncluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64C50E3E-8EFA-4B0D-B284-CF8FE4129866",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBD4F808-CA46-4A8E-82DD-6D1A82DDF91C",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFD09E68-2C34-4E76-9B67-868FA6E825A6",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08BC587D-E4C7-4758-8AF5-1970892C35C8",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "282A07AC-8D43-4580-8D2E-8E30370049F3",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E37E4967-AC88-42D6-98C2-1BA63F20BD5C",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49512EB3-DE17-45FF-AB90-2966462A9C3C",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01A870BA-E78E-4975-BF6D-7D410BE8CD6C",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EF85630-3DDC-4026-AC5A-F1B197F98C9E",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5309100-B3E9-4144-AEA3-B9030E93FD78",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "954682D1-2E7A-4EAB-B4B8-43E2038EB7C7",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1016D7F3-2780-4412-A7AA-361B44A8632E",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3D0B0D7-FC6F-43D8-85AA-AC0BD464E5A1",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF6DF983-6772-45D4-A82A-EE1BB2EEFD4F",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7ABD866-E08B-42F3-A19A-5574563AA540",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6716F29E-FBA2-4178-A8AE-269D9CC5AC59",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "372905FF-2C9B-4366-BE56-36CACDA63BCD",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2F1DCEB-7ABB-4109-943A-E2DEFB17D330",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA49E2B8-CBF5-4F6E-A832-D1FDB597FADE",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CF7601F-D6A3-4CD6-961D-B8B1B82E29CE",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F285B8D-585C-4C23-98FA-E09DE53C8247",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A10D9CEE-D92D-470D-928F-8F90243618EE",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0199953B-BCAC-405E-BDC6-951BEAE01570",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBDFDF50-5230-41F1-B380-AD3EC4B53DB7",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6A3326B-382B-4137-B0E7-0D54E825B717",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48F67A57-7528-406B-9BF1-6A963F732564",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "825FC323-CAE7-4B39-85AD-966980D30D89",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F430EA73-2B9F-42D9-9005-42F439ABF63C",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "713BBAEC-BE6D-40BC-9FB3-EBB906FB09BA",
"versionEndExcluding": "2022.1.1",
"versionStartIncluding": "2022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Arbitrary Address Write issue in the Autodesk DWG application can allow a malicious user to leverage the application to write in unexpected paths. In order to exploit this the attacker would need the victim to enable full page heap in the application."
},
{
"lang": "es",
"value": "Un problema de escritura de direcciones arbitrarias en la aplicaci\u00f3n Autodesk DWG, puede permitir a un usuario malicioso aprovechar la aplicaci\u00f3n para escribir en rutas inesperadas. Para explotar esto, el atacante necesitar\u00eda que la v\u00edctima habilitara la pila de p\u00e1gina completa en la aplicaci\u00f3n"
}
],
"id": "CVE-2021-27043",
"lastModified": "2024-11-21T05:57:14.307",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-25T13:15:08.280",
"references": [
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-06-25 13:15
Modified
2024-11-21 05:57
Severity ?
Summary
A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. The vulnerability exists because the application fails to handle a crafted DWG file, which causes an unhandled exception. An attacker can leverage this vulnerability to execute arbitrary code.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC0E547-C366-4A0E-95DE-EC420492E698",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8319413-E093-4931-B2DB-A46522DF93C9",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B350B87-23EC-44F8-9A5F-9AC815E15BD9",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CAE14E69-8BCB-4E00-8BAB-CB7F1688DC27",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A084A960-35D8-4B9C-87DE-0213CA40CAD8",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20EE0BDC-3A97-4CD4-A232-922F8D613856",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDD2042-5313-4658-AA4E-109684E91C43",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE031BD1-9F02-44C2-865E-2011511B36F5",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A51CDDA-0D83-4331-9AB6-F6ED076157F6",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "143F8B16-E253-477E-9875-94928BE5596B",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "607A4804-A286-4237-82C3-8BE98662AE20",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "967B286E-5E73-47E3-BC2F-951E26720370",
"versionEndIncluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64C50E3E-8EFA-4B0D-B284-CF8FE4129866",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBD4F808-CA46-4A8E-82DD-6D1A82DDF91C",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFD09E68-2C34-4E76-9B67-868FA6E825A6",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08BC587D-E4C7-4758-8AF5-1970892C35C8",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "282A07AC-8D43-4580-8D2E-8E30370049F3",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E37E4967-AC88-42D6-98C2-1BA63F20BD5C",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49512EB3-DE17-45FF-AB90-2966462A9C3C",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01A870BA-E78E-4975-BF6D-7D410BE8CD6C",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EF85630-3DDC-4026-AC5A-F1B197F98C9E",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5309100-B3E9-4144-AEA3-B9030E93FD78",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "954682D1-2E7A-4EAB-B4B8-43E2038EB7C7",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1016D7F3-2780-4412-A7AA-361B44A8632E",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3D0B0D7-FC6F-43D8-85AA-AC0BD464E5A1",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF6DF983-6772-45D4-A82A-EE1BB2EEFD4F",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7ABD866-E08B-42F3-A19A-5574563AA540",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6716F29E-FBA2-4178-A8AE-269D9CC5AC59",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "372905FF-2C9B-4366-BE56-36CACDA63BCD",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2F1DCEB-7ABB-4109-943A-E2DEFB17D330",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA49E2B8-CBF5-4F6E-A832-D1FDB597FADE",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CF7601F-D6A3-4CD6-961D-B8B1B82E29CE",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F285B8D-585C-4C23-98FA-E09DE53C8247",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A10D9CEE-D92D-470D-928F-8F90243618EE",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0199953B-BCAC-405E-BDC6-951BEAE01570",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBDFDF50-5230-41F1-B380-AD3EC4B53DB7",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6A3326B-382B-4137-B0E7-0D54E825B717",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48F67A57-7528-406B-9BF1-6A963F732564",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "825FC323-CAE7-4B39-85AD-966980D30D89",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F430EA73-2B9F-42D9-9005-42F439ABF63C",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. The vulnerability exists because the application fails to handle a crafted DWG file, which causes an unhandled exception. An attacker can leverage this vulnerability to execute arbitrary code."
},
{
"lang": "es",
"value": "Un archivo DWG dise\u00f1ado maliciosamente puede ser usado para escribir m\u00e1s all\u00e1 del b\u00fafer asignado mientras se analizan los archivos DWG. La vulnerabilidad se presenta porque la aplicaci\u00f3n comete un fallo para manejar un archivo DWG dise\u00f1ado, lo que causa una excepci\u00f3n no manejada. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario"
}
],
"id": "CVE-2021-27042",
"lastModified": "2024-11-21T05:57:14.187",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-25T13:15:08.247",
"references": [
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-23 19:15
Modified
2024-11-21 06:23
Severity ?
Summary
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@autodesk.com | https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8579FBF7-DA4C-48D2-8F9A-2D96D1CBF9A0",
"versionEndExcluding": "2020.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26E05A0E-6DBE-4DC0-A491-2A4419EA8835",
"versionEndExcluding": "2021.1.6",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F027164-A465-47C3-B92C-56A9D8759905",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9AFAEAD3-55FC-4918-8B74-B78975266C82",
"versionEndExcluding": "2019.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5C1908-9829-46DE-881F-57277490BE71",
"versionEndExcluding": "2020.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE821566-76A8-43D6-9628-B82CFE9FAC19",
"versionEndExcluding": "2021.3",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7AAFCE8D-C6FA-4179-BBD8-134F91261FEC",
"versionEndExcluding": "2022.2",
"versionStartIncluding": "2022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63ABBBCD-A869-47D6-BBBF-30E03F0DCC33",
"versionEndExcluding": "2019.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "525AD44E-386E-42C9-8B2E-90F29855DF4A",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CDC63B1-6EA4-48C6-998A-A86A82A74BD4",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1BE9431-DC86-4ABB-8EE2-9FADA3B0AEBA",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0203EC49-7943-4759-B62D-334FAF6B7A83",
"versionEndExcluding": "2019.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87941CE7-7F89-4A09-BBE8-A0D829273A63",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F98B75B-1471-42A7-BCDA-95F7E65B7FD1",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C5F50DF-4792-4A29-BB21-5821CA5E3A22",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E40E1E-9B7F-4DB9-BB85-2832297135BC",
"versionEndExcluding": "2019.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F616B84F-B471-43B9-BC5D-BA6CCE461F56",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD0B37E9-4987-4B96-9B31-6168961E1496",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9466EE6-83C9-492F-8486-F3E6C1DD9F5A",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D23CAABD-FB77-4365-B7BC-4330315672AA",
"versionEndExcluding": "2019.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E716111F-273B-48DF-ADEA-44BADE5E7FEB",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71FA0271-BE55-48AD-B88D-34645684E9DE",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD91E39-A3D8-4806-A778-608FD6C29BB2",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BA4DE9-CCBC-4A08-B6C8-F50490BA2283",
"versionEndExcluding": "2019.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9184783-2476-4ED0-9F05-CA2AC68446B3",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "752B8F1C-54E3-4985-97A4-86FBF13E6BFD",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "120326C3-E212-4341-A25D-BC3DD50CF228",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8167B5BF-1B06-414F-9088-A126D7C06515",
"versionEndExcluding": "2019.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BAA6D71-2B11-4490-A1C4-652347582EF6",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F78C528-605C-46F3-8CF0-828B682745B3",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B117299A-C5FE-419F-9C1C-DF58A2772055",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "117BA468-7345-4FEA-A0E3-D4110F7472C3",
"versionEndExcluding": "2019.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBC04C9D-9E69-4CB7-BF7A-D3B8C0670114",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E140DC9-7000-48ED-A5C7-B23023DFB199",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC178212-E440-46E9-9F00-60A5516D4D72",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D8E7984-95F9-4FF4-AEBB-D60DF9F83D65",
"versionEndExcluding": "2019.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2A2E5FC-9717-47C1-A223-F90DC572DAB0",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "984491F0-8303-4C6C-B884-00C032D797DD",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7ED0DB1D-6F37-4C1B-B55E-42F3A4E34299",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61A9231D-C524-49F5-A8D1-7D70D8034F5D",
"versionEndExcluding": "2019.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E59ACB5-8745-46A8-889E-005DEA38925B",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFFE146F-4AB2-45B2-9F87-52DD8DC26B85",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D01E3771-86FD-483D-BCCB-1B1CDD4C482F",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1885BB08-EF19-4780-92F0-1ED4B18F0DB3",
"versionEndExcluding": "2019.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE4E278B-360E-4F00-8479-9531EB417269",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "577AEF72-23CC-45D9-B391-8A3D79DAB5BA",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82C21398-6A86-4E56-A98E-E80FFCC6732E",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "9E2CC26F-F7B5-4BA6-A243-B22A37347A42",
"versionEndExcluding": "2022.2",
"versionStartExcluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:2020:*:*:*:*:macos:*:*",
"matchCriteriaId": "5EF0E224-30B2-4A78-89A8-036304BBCE48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:macos:*:*",
"matchCriteriaId": "2FB00DBF-2EC2-433F-9987-189729A46314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:macos:*:*",
"matchCriteriaId": "68FC54D1-B4FC-404E-9742-72F8340FE3C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "FF16B57E-C704-43BE-94F5-F09493257323",
"versionEndExcluding": "2022.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:2020:*:*:*:*:macos:*:*",
"matchCriteriaId": "FC750C20-98CA-401E-B0AF-5013CE9CB319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:2021:*:*:*:*:macos:*:*",
"matchCriteriaId": "164EB7AD-8B17-48E1-A73D-5E5D0012B360",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:design_review:2018:-:*:*:*:*:*:*",
"matchCriteriaId": "213232B9-A40B-436D-A66A-B65C49D59BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:design_review:2018:hotfix:*:*:*:*:*:*",
"matchCriteriaId": "2D0CF4DC-ACA5-41D0-B28E-CEB5D2C96F71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:design_review:2018:hotfix2:*:*:*:*:*:*",
"matchCriteriaId": "84ED1789-A17F-48F7-A152-09D2A5C59254",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:design_review:2018:hotfix3:*:*:*:*:*:*",
"matchCriteriaId": "74819924-EB63-4BBF-9986-FEF6100EEE15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:design_review:2018:hotfix4:*:*:*:*:*:*",
"matchCriteriaId": "100922EF-C773-4798-B352-B16FCAD48F36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version."
},
{
"lang": "es",
"value": "Una vulnerabilidad de corrupci\u00f3n de memoria puede conducir a la ejecuci\u00f3n de c\u00f3digo a trav\u00e9s de archivos DLL maliciosamente dise\u00f1ados a trav\u00e9s de PDFTron anterior a la versi\u00f3n 9.0.7"
}
],
"id": "CVE-2021-40161",
"lastModified": "2024-11-21T06:23:41.847",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-23T19:15:12.167",
"references": [
{
"source": "psirt@autodesk.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-01-25 20:15
Modified
2024-11-21 06:23
Severity ?
Summary
An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022, 2021, 2020, 2019 in conjunction with other vulnerabilities may lead to code execution through maliciously crafted JT files in the context of the current process.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@autodesk.com | https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002 | Vendor Advisory | |
| psirt@autodesk.com | https://www.zerodayinitiative.com/advisories/ZDI-22-282/ | Third Party Advisory, VDB Entry | |
| psirt@autodesk.com | https://www.zerodayinitiative.com/advisories/ZDI-22-289/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-22-282/ | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-22-289/ | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | advance_steel | * | |
| autodesk | autocad | * | |
| autodesk | autocad_architecture | * | |
| autodesk | autocad_electrical | * | |
| autodesk | autocad_lt | * | |
| autodesk | autocad_map_3d | * | |
| autodesk | autocad_mechanical | * | |
| autodesk | autocad_mep | * | |
| autodesk | autocad_plant_3d | * | |
| autodesk | civil_3d | * | |
| autodesk | inventor | 2019 | |
| autodesk | inventor | 2020 | |
| autodesk | inventor | 2021 | |
| autodesk | inventor | 2022 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1BE9431-DC86-4ABB-8EE2-9FADA3B0AEBA",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C5F50DF-4792-4A29-BB21-5821CA5E3A22",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9466EE6-83C9-492F-8486-F3E6C1DD9F5A",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD91E39-A3D8-4806-A778-608FD6C29BB2",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D01E3771-86FD-483D-BCCB-1B1CDD4C482F",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "120326C3-E212-4341-A25D-BC3DD50CF228",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B117299A-C5FE-419F-9C1C-DF58A2772055",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC178212-E440-46E9-9F00-60A5516D4D72",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7ED0DB1D-6F37-4C1B-B55E-42F3A4E34299",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82C21398-6A86-4E56-A98E-E80FFCC6732E",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:inventor:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "B0B62AB8-467B-4305-93C0-80F4ED72BFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:inventor:2020:*:*:*:*:*:*:*",
"matchCriteriaId": "521006E6-57DF-4E48-9D9B-70EED55DDC9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:inventor:2021:*:*:*:*:*:*:*",
"matchCriteriaId": "C14111CD-085E-4B05-8FB6-2B2F871BE963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:inventor:2022:*:*:*:*:*:*:*",
"matchCriteriaId": "C67079A0-1C2B-45F9-91CC-74C685D31B67",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022, 2021, 2020, 2019 in conjunction with other vulnerabilities may lead to code execution through maliciously crafted JT files in the context of the current process."
},
{
"lang": "es",
"value": "Una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n para archivos JT en Autodesk Inventor 2022, 2021, 2020, 2019 junto con otras vulnerabilidades puede conducir a la ejecuci\u00f3n de c\u00f3digo a trav\u00e9s de archivos JT maliciosamente elaborados en el contexto del proceso actual"
}
],
"id": "CVE-2021-40159",
"lastModified": "2024-11-21T06:23:41.587",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-01-25T20:15:08.327",
"references": [
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-282/"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-289/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-282/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-289/"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-23 19:15
Modified
2024-11-21 06:23
Severity ?
Summary
PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@autodesk.com | https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | revit | * | |
| autodesk | revit | * | |
| autodesk | revit | * | |
| autodesk | navisworks | * | |
| autodesk | navisworks | * | |
| autodesk | navisworks | * | |
| autodesk | navisworks | * | |
| autodesk | advance_steel | * | |
| autodesk | autocad | * | |
| autodesk | autocad | * | |
| autodesk | autocad_architecture | * | |
| autodesk | autocad_electrical | * | |
| autodesk | autocad_lt | * | |
| autodesk | autocad_lt | * | |
| autodesk | autocad_map_3d | * | |
| autodesk | autocad_mechanical | * | |
| autodesk | autocad_mep | * | |
| autodesk | autocad_plant_3d | * | |
| autodesk | civil_3d | * | |
| autodesk | design_review | 2018 | |
| autodesk | design_review | 2018 | |
| autodesk | design_review | 2018 | |
| autodesk | design_review | 2018 | |
| autodesk | design_review | 2018 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DCAF9B0-8B1F-4625-B04F-DECB699C9770",
"versionEndExcluding": "2020.2.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9BBB8FC-C689-4DF6-B79D-248C0144A5EC",
"versionEndExcluding": "2021.1.4",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A29624C7-516C-4E7E-B1FE-43ED3188BC70",
"versionEndExcluding": "2022.1",
"versionStartIncluding": "2022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70EC1A64-F7DD-4835-969F-A9051F06CB60",
"versionEndExcluding": "2019.6",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5C1908-9829-46DE-881F-57277490BE71",
"versionEndExcluding": "2020.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE821566-76A8-43D6-9628-B82CFE9FAC19",
"versionEndExcluding": "2021.3",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE0E4388-28DB-4D72-BA69-882A121C8C9A",
"versionEndExcluding": "2022.1",
"versionStartIncluding": "2022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67E62F6D-C9D2-4129-A25A-468F150BA2CB",
"versionEndExcluding": "2022.1.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4104E0A8-E133-41F9-A60A-368FD2DCC1A3",
"versionEndExcluding": "2022.1.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "F7B0B566-F23E-4637-8611-8D055A90F421",
"versionEndExcluding": "2022.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D42D33AA-39DC-4B60-A87F-2B9A41390EDA",
"versionEndExcluding": "2022.1.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2D4CB47-D77A-4ACA-A606-3E7880729E0C",
"versionEndExcluding": "2022.1.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E813870A-AAB5-491F-8ECA-587432AD9935",
"versionEndExcluding": "2022.1.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "FF16B57E-C704-43BE-94F5-F09493257323",
"versionEndExcluding": "2022.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1172D845-0F80-45EC-95D6-911556D4032D",
"versionEndExcluding": "2022.1.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "047BD11C-74A7-47AA-A593-BAACD00D2B89",
"versionEndExcluding": "2022.1.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C926403A-E06B-45A7-9693-CF0B78C7C627",
"versionEndExcluding": "2022.1.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3807591-D6E0-4BB6-9573-C318A9D4EF60",
"versionEndExcluding": "2022.1.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4C8F3C7-F830-4138-99BD-064F969E4929",
"versionEndExcluding": "2022.1.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:design_review:2018:-:*:*:*:*:*:*",
"matchCriteriaId": "213232B9-A40B-436D-A66A-B65C49D59BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:design_review:2018:hotfix:*:*:*:*:*:*",
"matchCriteriaId": "2D0CF4DC-ACA5-41D0-B28E-CEB5D2C96F71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:design_review:2018:hotfix2:*:*:*:*:*:*",
"matchCriteriaId": "84ED1789-A17F-48F7-A152-09D2A5C59254",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:design_review:2018:hotfix3:*:*:*:*:*:*",
"matchCriteriaId": "74819924-EB63-4BBF-9986-FEF6100EEE15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:design_review:2018:hotfix4:*:*:*:*:*:*",
"matchCriteriaId": "100922EF-C773-4798-B352-B16FCAD48F36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code."
},
{
"lang": "es",
"value": "PDFTron antes de la versi\u00f3n 9.0.7 puede ser forzado a leer m\u00e1s all\u00e1 de los l\u00edmites asignados al analizar un archivo PDF malicioso. Esta vulnerabilidad puede ser explotada para ejecutar c\u00f3digo arbitrario"
}
],
"id": "CVE-2021-40160",
"lastModified": "2024-11-21T06:23:41.700",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-23T19:15:12.117",
"references": [
{
"source": "psirt@autodesk.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 06:55
Severity ?
Summary
A maliciously crafted TIF or PICT file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. This vulnerability may be exploited to execute arbitrary code.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "395D75D7-FE8C-461D-8642-98BE81AA5277",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "525AD44E-386E-42C9-8B2E-90F29855DF4A",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CDC63B1-6EA4-48C6-998A-A86A82A74BD4",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1BE9431-DC86-4ABB-8EE2-9FADA3B0AEBA",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:-:*:*",
"matchCriteriaId": "41A08A1E-5CC8-4F1A-8485-871366315BAC",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:-:*:*",
"matchCriteriaId": "A8B6181F-DFD8-4105-B277-95729F8EF34F",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:-:*:*",
"matchCriteriaId": "B234B44D-C528-4213-AE32-DEED2EC472F1",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:-:*:*",
"matchCriteriaId": "E3116E10-FB93-4EC7-957E-B130FE5153BF",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "8357611C-929E-407C-B4C8-6ED926E513C6",
"versionEndExcluding": "2022.2.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9338B09-BCD8-4E67-A331-1B8D5FB5DA24",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F616B84F-B471-43B9-BC5D-BA6CCE461F56",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD0B37E9-4987-4B96-9B31-6168961E1496",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9466EE6-83C9-492F-8486-F3E6C1DD9F5A",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86CF88E0-A49D-4528-8135-6BE5C9E5DD7C",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E716111F-273B-48DF-ADEA-44BADE5E7FEB",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71FA0271-BE55-48AD-B88D-34645684E9DE",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD91E39-A3D8-4806-A778-608FD6C29BB2",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:-:*:*",
"matchCriteriaId": "04AF77FA-C980-47ED-B4C5-EEA965D425DF",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:-:*:*",
"matchCriteriaId": "F5783F63-D6BF-44BB-8001-3134D4CD5CF0",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:-:*:*",
"matchCriteriaId": "3E1AB702-ABBD-4110-9B27-F4C2EC3F6A00",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:-:*:*",
"matchCriteriaId": "0DC17B10-E6E8-4D49-BDEF-DBC5097580C9",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "EEC464C9-D741-41B4-B460-B4305BCD83FA",
"versionEndExcluding": "2022.2.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "230F8974-9613-4B58-8621-67CCE81E208C",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9184783-2476-4ED0-9F05-CA2AC68446B3",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "752B8F1C-54E3-4985-97A4-86FBF13E6BFD",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "120326C3-E212-4341-A25D-BC3DD50CF228",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF0FCE36-8A0F-4CDB-86B3-D8F7875511FD",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BAA6D71-2B11-4490-A1C4-652347582EF6",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F78C528-605C-46F3-8CF0-828B682745B3",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B117299A-C5FE-419F-9C1C-DF58A2772055",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1075AC6C-C9E1-45EA-B371-B06235C6AA86",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBC04C9D-9E69-4CB7-BF7A-D3B8C0670114",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E140DC9-7000-48ED-A5C7-B23023DFB199",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC178212-E440-46E9-9F00-60A5516D4D72",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C71A1AD7-4651-4FA9-9114-023E07DCB285",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2A2E5FC-9717-47C1-A223-F90DC572DAB0",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "984491F0-8303-4C6C-B884-00C032D797DD",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7ED0DB1D-6F37-4C1B-B55E-42F3A4E34299",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6929C4B1-27A0-4595-ABB6-48BB7F03A3EB",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE4E278B-360E-4F00-8479-9531EB417269",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "577AEF72-23CC-45D9-B391-8A3D79DAB5BA",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82C21398-6A86-4E56-A98E-E80FFCC6732E",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted TIF or PICT file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. This vulnerability may be exploited to execute arbitrary code."
},
{
"lang": "es",
"value": "Un archivo TIF o PICT dise\u00f1ado de forma maliciosa en Autodesk AutoCAD versiones 2022, 2021, 2020, 2019, puede usarse para escribir m\u00e1s all\u00e1 del b\u00fafer asignado mediante una vulnerabilidad de desbordamiento del B\u00fafer. Esta vulnerabilidad puede ser explotada para ejecutar c\u00f3digo arbitrario"
}
],
"id": "CVE-2022-27530",
"lastModified": "2024-11-21T06:55:53.470",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-18T17:15:16.937",
"references": [
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-09 20:30
Modified
2024-11-21 04:48
Severity ?
Summary
An exploitable heap overflow vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file may cause a heap overflow, resulting in code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | advance_steel | 2018 | |
| autodesk | autocad | 2018 | |
| autodesk | autocad_architecture | 2018 | |
| autodesk | autocad_electrical | 2018 | |
| autodesk | autocad_lt | 2018 | |
| autodesk | autocad_map_3d | 2018 | |
| autodesk | autocad_mechanical | 2018 | |
| autodesk | autocad_mep | 2018 | |
| autodesk | autocad_p\&id | 2018 | |
| autodesk | autocad_plant_3d | 2018 | |
| autodesk | civil_3d | 2018 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "461B3C59-740C-4530-80DA-23DD38A0EEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "4C2610D4-81E7-4B85-9147-C3F24895EDB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "ECDE64CF-3527-4C9A-9672-E2FA3BCC8B65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "FC2B0DF8-8827-4CF2-94F1-D2871FA5095F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "85BF0890-5AE7-46BA-8FD4-667B20081A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "F4C4F749-A0C3-4C25-B5FC-CE3E49AFF8F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "E34DF2FB-6A4F-4060-9DE4-EE635D9056E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "BA943872-F736-4EC2-8328-9AABCAE08154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_p\\\u0026id:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "B80C406D-9E82-4B2B-8065-FEB797DE65B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "68F6B255-EE77-48BA-AEEE-9395C85BF274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "2692C0E3-9A82-42BA-A80D-8A0D72FD3164",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An exploitable heap overflow vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P\u0026ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file may cause a heap overflow, resulting in code execution."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad explotable de desbordamiento de pila en la funcionalidad DXF-parsing en Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P \u0026 ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018 y Autodesk Civil 3D 2018. Un archivo DXF especialmente creado puede generar un desbordamiento de pila, lo que resulta en la ejecuci\u00f3n de c\u00f3digo malicioso."
}
],
"id": "CVE-2019-7358",
"lastModified": "2024-11-21T04:48:05.523",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-09T20:30:21.227",
"references": [
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-09 20:30
Modified
2024-11-21 04:48
Severity ?
Summary
An exploitable heap overflow vulnerability in the AcCellMargin handling code in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file with too many cell margins populating an AcCellMargin object may cause a heap overflow, resulting in code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | advance_steel | 2018 | |
| autodesk | autocad | 2018 | |
| autodesk | autocad_architecture | 2018 | |
| autodesk | autocad_electrical | 2018 | |
| autodesk | autocad_lt | 2018 | |
| autodesk | autocad_map_3d | 2018 | |
| autodesk | autocad_mechanical | 2018 | |
| autodesk | autocad_mep | 2018 | |
| autodesk | autocad_p\&id | 2018 | |
| autodesk | autocad_plant_3d | 2018 | |
| autodesk | civil_3d | 2018 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "461B3C59-740C-4530-80DA-23DD38A0EEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "4C2610D4-81E7-4B85-9147-C3F24895EDB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "ECDE64CF-3527-4C9A-9672-E2FA3BCC8B65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "FC2B0DF8-8827-4CF2-94F1-D2871FA5095F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "85BF0890-5AE7-46BA-8FD4-667B20081A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "F4C4F749-A0C3-4C25-B5FC-CE3E49AFF8F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "E34DF2FB-6A4F-4060-9DE4-EE635D9056E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "BA943872-F736-4EC2-8328-9AABCAE08154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_p\\\u0026id:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "B80C406D-9E82-4B2B-8065-FEB797DE65B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "68F6B255-EE77-48BA-AEEE-9395C85BF274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "2692C0E3-9A82-42BA-A80D-8A0D72FD3164",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An exploitable heap overflow vulnerability in the AcCellMargin handling code in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P\u0026ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file with too many cell margins populating an AcCellMargin object may cause a heap overflow, resulting in code execution."
},
{
"lang": "es",
"value": "Una vulnerabilidad explotable de desbordamiento de pila en el c\u00f3digo de manejo AcCellMargin en Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD , Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018 y Autodesk Civil 3D 2018. Un archivo DXF especialmente creado con muchos m\u00e1rgenes de celda que pueblan un objeto AcCellMargin puede generar un desbordamiento de pila, lo que conlleva a la ejecuci\u00f3n del c\u00f3digo."
}
],
"id": "CVE-2019-7359",
"lastModified": "2024-11-21T04:48:05.663",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-09T20:30:21.287",
"references": [
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-01-25 20:15
Modified
2024-11-21 06:23
Severity ?
Summary
A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 and AutoCAD 2022 may be forced to read beyond allocated boundaries when parsing the JT file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | advance_steel | * | |
| autodesk | autocad | * | |
| autodesk | autocad_architecture | * | |
| autodesk | autocad_electrical | * | |
| autodesk | autocad_lt | * | |
| autodesk | autocad_map_3d | * | |
| autodesk | autocad_mechanical | * | |
| autodesk | autocad_mep | * | |
| autodesk | autocad_plant_3d | * | |
| autodesk | civil_3d | * | |
| autodesk | inventor | * | |
| autodesk | inventor | 2019 | |
| autodesk | inventor | 2020 | |
| autodesk | inventor | 2021 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1BE9431-DC86-4ABB-8EE2-9FADA3B0AEBA",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C5F50DF-4792-4A29-BB21-5821CA5E3A22",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9466EE6-83C9-492F-8486-F3E6C1DD9F5A",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD91E39-A3D8-4806-A778-608FD6C29BB2",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D01E3771-86FD-483D-BCCB-1B1CDD4C482F",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "120326C3-E212-4341-A25D-BC3DD50CF228",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B117299A-C5FE-419F-9C1C-DF58A2772055",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC178212-E440-46E9-9F00-60A5516D4D72",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7ED0DB1D-6F37-4C1B-B55E-42F3A4E34299",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82C21398-6A86-4E56-A98E-E80FFCC6732E",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D53B7E4C-4F2E-428D-A6CB-D4F2FB5865B0",
"versionEndExcluding": "2022.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:inventor:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "B0B62AB8-467B-4305-93C0-80F4ED72BFA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:inventor:2020:*:*:*:*:*:*:*",
"matchCriteriaId": "521006E6-57DF-4E48-9D9B-70EED55DDC9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:inventor:2021:*:*:*:*:*:*:*",
"matchCriteriaId": "C14111CD-085E-4B05-8FB6-2B2F871BE963",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 and AutoCAD 2022 may be forced to read beyond allocated boundaries when parsing the JT file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
},
{
"lang": "es",
"value": "Un archivo JT malicioso en Autodesk Inventor 2022, 2021, 2020, 2019 y AutoCAD 2022 puede ser forzado a leer m\u00e1s all\u00e1 de los l\u00edmites asignados cuando se analiza el archivo JT. Esta vulnerabilidad, junto con otras, podr\u00eda conducir a la ejecuci\u00f3n de c\u00f3digo en el contexto del proceso actual"
}
],
"id": "CVE-2021-40158",
"lastModified": "2024-11-21T06:23:41.380",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-01-25T20:15:08.283",
"references": [
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-281/"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-283/"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-284/"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-285/"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-286/"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-287/"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-288/"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-441/"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-443/"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-444/"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-445/"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-447/"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-448/"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-449/"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-450/"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-451/"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-452/"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-453/"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-454/"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-455/"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-466/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-281/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-283/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-284/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-285/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-286/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-287/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-288/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-441/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-443/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-444/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-445/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-447/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-448/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-449/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-450/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-451/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-452/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-453/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-454/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-455/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-466/"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-11 20:15
Modified
2024-11-21 06:53
Severity ?
Summary
A maliciously crafted DXF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. This vulnerability can be exploited to execute arbitrary code.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "395D75D7-FE8C-461D-8642-98BE81AA5277",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "525AD44E-386E-42C9-8B2E-90F29855DF4A",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CDC63B1-6EA4-48C6-998A-A86A82A74BD4",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1BE9431-DC86-4ABB-8EE2-9FADA3B0AEBA",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0E84020-F179-4AF3-BF9C-6D27259B2847",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87941CE7-7F89-4A09-BBE8-A0D829273A63",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F98B75B-1471-42A7-BCDA-95F7E65B7FD1",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C5F50DF-4792-4A29-BB21-5821CA5E3A22",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "8357611C-929E-407C-B4C8-6ED926E513C6",
"versionEndExcluding": "2022.2.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9338B09-BCD8-4E67-A331-1B8D5FB5DA24",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F616B84F-B471-43B9-BC5D-BA6CCE461F56",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD0B37E9-4987-4B96-9B31-6168961E1496",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9466EE6-83C9-492F-8486-F3E6C1DD9F5A",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86CF88E0-A49D-4528-8135-6BE5C9E5DD7C",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E716111F-273B-48DF-ADEA-44BADE5E7FEB",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71FA0271-BE55-48AD-B88D-34645684E9DE",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD91E39-A3D8-4806-A778-608FD6C29BB2",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77A1562A-07B8-4130-B319-1BE2800D8771",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E59ACB5-8745-46A8-889E-005DEA38925B",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFFE146F-4AB2-45B2-9F87-52DD8DC26B85",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D01E3771-86FD-483D-BCCB-1B1CDD4C482F",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "230F8974-9613-4B58-8621-67CCE81E208C",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9184783-2476-4ED0-9F05-CA2AC68446B3",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "752B8F1C-54E3-4985-97A4-86FBF13E6BFD",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "120326C3-E212-4341-A25D-BC3DD50CF228",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF0FCE36-8A0F-4CDB-86B3-D8F7875511FD",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BAA6D71-2B11-4490-A1C4-652347582EF6",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F78C528-605C-46F3-8CF0-828B682745B3",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B117299A-C5FE-419F-9C1C-DF58A2772055",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1075AC6C-C9E1-45EA-B371-B06235C6AA86",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBC04C9D-9E69-4CB7-BF7A-D3B8C0670114",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E140DC9-7000-48ED-A5C7-B23023DFB199",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC178212-E440-46E9-9F00-60A5516D4D72",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C71A1AD7-4651-4FA9-9114-023E07DCB285",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2A2E5FC-9717-47C1-A223-F90DC572DAB0",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "984491F0-8303-4C6C-B884-00C032D797DD",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7ED0DB1D-6F37-4C1B-B55E-42F3A4E34299",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6929C4B1-27A0-4595-ABB6-48BB7F03A3EB",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE4E278B-360E-4F00-8479-9531EB417269",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "577AEF72-23CC-45D9-B391-8A3D79DAB5BA",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82C21398-6A86-4E56-A98E-E80FFCC6732E",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7AAFCE8D-C6FA-4179-BBD8-134F91261FEC",
"versionEndExcluding": "2022.2",
"versionStartIncluding": "2022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted DXF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. This vulnerability can be exploited to execute arbitrary code."
},
{
"lang": "es",
"value": "Un archivo DXF dise\u00f1ado de forma maliciosa en Autodesk AutoCAD versiones 2022, 2021, 2020, 2019 y Autodesk Navisworks versi\u00f3n 2022, puede usarse para escribir m\u00e1s all\u00e1 del b\u00fafer asignado mediante Una vulnerabilidad de desbordamiento del b\u00fafer. Esta vulnerabilidad puede ser explotada para ejecutar c\u00f3digo arbitrario"
}
],
"id": "CVE-2022-25792",
"lastModified": "2024-11-21T06:53:00.663",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-11T20:15:20.590",
"references": [
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-11 20:15
Modified
2024-11-21 06:53
Severity ?
Summary
A Memory Corruption vulnerability for DWF and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 may lead to code execution through maliciously crafted DLL files.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "395D75D7-FE8C-461D-8642-98BE81AA5277",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "525AD44E-386E-42C9-8B2E-90F29855DF4A",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CDC63B1-6EA4-48C6-998A-A86A82A74BD4",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1BE9431-DC86-4ABB-8EE2-9FADA3B0AEBA",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0E84020-F179-4AF3-BF9C-6D27259B2847",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87941CE7-7F89-4A09-BBE8-A0D829273A63",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F98B75B-1471-42A7-BCDA-95F7E65B7FD1",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C5F50DF-4792-4A29-BB21-5821CA5E3A22",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "8357611C-929E-407C-B4C8-6ED926E513C6",
"versionEndExcluding": "2022.2.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9338B09-BCD8-4E67-A331-1B8D5FB5DA24",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F616B84F-B471-43B9-BC5D-BA6CCE461F56",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD0B37E9-4987-4B96-9B31-6168961E1496",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9466EE6-83C9-492F-8486-F3E6C1DD9F5A",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86CF88E0-A49D-4528-8135-6BE5C9E5DD7C",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E716111F-273B-48DF-ADEA-44BADE5E7FEB",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71FA0271-BE55-48AD-B88D-34645684E9DE",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD91E39-A3D8-4806-A778-608FD6C29BB2",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77A1562A-07B8-4130-B319-1BE2800D8771",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E59ACB5-8745-46A8-889E-005DEA38925B",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFFE146F-4AB2-45B2-9F87-52DD8DC26B85",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D01E3771-86FD-483D-BCCB-1B1CDD4C482F",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "230F8974-9613-4B58-8621-67CCE81E208C",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9184783-2476-4ED0-9F05-CA2AC68446B3",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "752B8F1C-54E3-4985-97A4-86FBF13E6BFD",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "120326C3-E212-4341-A25D-BC3DD50CF228",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF0FCE36-8A0F-4CDB-86B3-D8F7875511FD",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BAA6D71-2B11-4490-A1C4-652347582EF6",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F78C528-605C-46F3-8CF0-828B682745B3",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B117299A-C5FE-419F-9C1C-DF58A2772055",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1075AC6C-C9E1-45EA-B371-B06235C6AA86",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBC04C9D-9E69-4CB7-BF7A-D3B8C0670114",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E140DC9-7000-48ED-A5C7-B23023DFB199",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC178212-E440-46E9-9F00-60A5516D4D72",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C71A1AD7-4651-4FA9-9114-023E07DCB285",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2A2E5FC-9717-47C1-A223-F90DC572DAB0",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "984491F0-8303-4C6C-B884-00C032D797DD",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7ED0DB1D-6F37-4C1B-B55E-42F3A4E34299",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6929C4B1-27A0-4595-ABB6-48BB7F03A3EB",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE4E278B-360E-4F00-8479-9531EB417269",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "577AEF72-23CC-45D9-B391-8A3D79DAB5BA",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82C21398-6A86-4E56-A98E-E80FFCC6732E",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7AAFCE8D-C6FA-4179-BBD8-134F91261FEC",
"versionEndExcluding": "2022.2",
"versionStartIncluding": "2022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Memory Corruption vulnerability for DWF and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 may lead to code execution through maliciously crafted DLL files."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Corrupci\u00f3n de Memoria para archivos DWF y DWFX en Autodesk AutoCAD versiones 2022, 2021, 2020, 2019 y Autodesk Navisworks versi\u00f3n 2022, puede conllevar a una ejecuci\u00f3n de c\u00f3digo mediante archivos DLL maliciosamente dise\u00f1ados"
}
],
"id": "CVE-2022-25791",
"lastModified": "2024-11-21T06:53:00.550",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-11T20:15:20.547",
"references": [
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-06-25 13:15
Modified
2024-11-21 05:57
Severity ?
Summary
A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC0E547-C366-4A0E-95DE-EC420492E698",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8319413-E093-4931-B2DB-A46522DF93C9",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B350B87-23EC-44F8-9A5F-9AC815E15BD9",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CAE14E69-8BCB-4E00-8BAB-CB7F1688DC27",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A084A960-35D8-4B9C-87DE-0213CA40CAD8",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20EE0BDC-3A97-4CD4-A232-922F8D613856",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDD2042-5313-4658-AA4E-109684E91C43",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE031BD1-9F02-44C2-865E-2011511B36F5",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A51CDDA-0D83-4331-9AB6-F6ED076157F6",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "143F8B16-E253-477E-9875-94928BE5596B",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "607A4804-A286-4237-82C3-8BE98662AE20",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "967B286E-5E73-47E3-BC2F-951E26720370",
"versionEndIncluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64C50E3E-8EFA-4B0D-B284-CF8FE4129866",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBD4F808-CA46-4A8E-82DD-6D1A82DDF91C",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFD09E68-2C34-4E76-9B67-868FA6E825A6",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08BC587D-E4C7-4758-8AF5-1970892C35C8",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "282A07AC-8D43-4580-8D2E-8E30370049F3",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E37E4967-AC88-42D6-98C2-1BA63F20BD5C",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49512EB3-DE17-45FF-AB90-2966462A9C3C",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01A870BA-E78E-4975-BF6D-7D410BE8CD6C",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6EF85630-3DDC-4026-AC5A-F1B197F98C9E",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5309100-B3E9-4144-AEA3-B9030E93FD78",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "954682D1-2E7A-4EAB-B4B8-43E2038EB7C7",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1016D7F3-2780-4412-A7AA-361B44A8632E",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3D0B0D7-FC6F-43D8-85AA-AC0BD464E5A1",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF6DF983-6772-45D4-A82A-EE1BB2EEFD4F",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7ABD866-E08B-42F3-A19A-5574563AA540",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6716F29E-FBA2-4178-A8AE-269D9CC5AC59",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "372905FF-2C9B-4366-BE56-36CACDA63BCD",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2F1DCEB-7ABB-4109-943A-E2DEFB17D330",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA49E2B8-CBF5-4F6E-A832-D1FDB597FADE",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CF7601F-D6A3-4CD6-961D-B8B1B82E29CE",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F285B8D-585C-4C23-98FA-E09DE53C8247",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A10D9CEE-D92D-470D-928F-8F90243618EE",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0199953B-BCAC-405E-BDC6-951BEAE01570",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FBDFDF50-5230-41F1-B380-AD3EC4B53DB7",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6A3326B-382B-4137-B0E7-0D54E825B717",
"versionEndExcluding": "2019.1.3",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48F67A57-7528-406B-9BF1-6A963F732564",
"versionEndExcluding": "2020.1.4",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "825FC323-CAE7-4B39-85AD-966980D30D89",
"versionEndExcluding": "2021.1.1",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F430EA73-2B9F-42D9-9005-42F439ABF63C",
"versionEndExcluding": "2022.0.1",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:design_review:2018:-:*:*:*:*:*:*",
"matchCriteriaId": "213232B9-A40B-436D-A66A-B65C49D59BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:design_review:2018:hotfix:*:*:*:*:*:*",
"matchCriteriaId": "2D0CF4DC-ACA5-41D0-B28E-CEB5D2C96F71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:design_review:2018:hotfix2:*:*:*:*:*:*",
"matchCriteriaId": "84ED1789-A17F-48F7-A152-09D2A5C59254",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:design_review:2018:hotfix3:*:*:*:*:*:*",
"matchCriteriaId": "74819924-EB63-4BBF-9986-FEF6100EEE15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:design_review:2018:hotfix4:*:*:*:*:*:*",
"matchCriteriaId": "100922EF-C773-4798-B352-B16FCAD48F36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC66E916-D8A4-475B-A7E3-4E2FEF46A7B9",
"versionEndIncluding": "10.97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AAE9E820-2348-4895-9F7D-96071747109D",
"versionEndIncluding": "4.04e",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code"
},
{
"lang": "es",
"value": "Un archivo DWG malicioso puede ser utilizado para escribir m\u00e1s all\u00e1 del buffer asignado mientras se analizan los archivos DWG. Esta vulnerabilidad puede ser explotada para ejecutar c\u00f3digo arbitrario"
}
],
"id": "CVE-2021-27041",
"lastModified": "2024-11-21T05:57:14.057",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-25T13:15:08.217",
"references": [
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-29 21:15
Modified
2024-12-16 00:15
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Heap Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@autodesk.com | https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | advance_steel | 2025 | |
| autodesk | autocad | 2025 | |
| autodesk | autocad_architecture | 2025 | |
| autodesk | autocad_electrical | 2025 | |
| autodesk | autocad_mechanical | 2025 | |
| autodesk | autocad_mep | 2025 | |
| autodesk | autocad_plant_3d | 2025 | |
| autodesk | civil_3d | 2025 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
"matchCriteriaId": "B26ECB1F-375C-4695-BD06-F9752CBADFC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
"matchCriteriaId": "E131B949-522C-4898-8375-BEF88C77E5F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
"matchCriteriaId": "DA34F55E-6539-46C3-848D-7A0373D373F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
"matchCriteriaId": "C288215A-6B64-403C-B955-87A61AEAACE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
"matchCriteriaId": "E8EEB057-008A-4E7C-B90F-0661CB00FED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
"matchCriteriaId": "C1370F96-D4C1-40B2-8890-8C652D5BE0D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
"matchCriteriaId": "1848ABD0-D516-481F-B2FF-27DC657B37AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
"matchCriteriaId": "77FBAF4B-88C6-4C7D-BEF3-F7C8095ADF7F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Heap Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
},
{
"lang": "es",
"value": " Un archivo SLDPRT creado con fines malintencionados, cuando se analiza en odxsw_dll.dll a trav\u00e9s de Autodesk AutoCAD, puede provocar una vulnerabilidad de desbordamiento de b\u00fafer de almacenamiento din\u00e1mico. Un actor malintencionado puede aprovechar esta vulnerabilidad para provocar un bloqueo, escribir datos confidenciales o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
}
],
"id": "CVE-2024-8587",
"lastModified": "2024-12-16T00:15:04.950",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@autodesk.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-29T21:15:04.990",
"references": [
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "psirt@autodesk.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-04-11 20:15
Modified
2024-11-21 06:53
Severity ?
Summary
A maliciously crafted DWF, 3DS and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "395D75D7-FE8C-461D-8642-98BE81AA5277",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "525AD44E-386E-42C9-8B2E-90F29855DF4A",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CDC63B1-6EA4-48C6-998A-A86A82A74BD4",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1BE9431-DC86-4ABB-8EE2-9FADA3B0AEBA",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0E84020-F179-4AF3-BF9C-6D27259B2847",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87941CE7-7F89-4A09-BBE8-A0D829273A63",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F98B75B-1471-42A7-BCDA-95F7E65B7FD1",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C5F50DF-4792-4A29-BB21-5821CA5E3A22",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "8357611C-929E-407C-B4C8-6ED926E513C6",
"versionEndExcluding": "2022.2.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9338B09-BCD8-4E67-A331-1B8D5FB5DA24",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F616B84F-B471-43B9-BC5D-BA6CCE461F56",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD0B37E9-4987-4B96-9B31-6168961E1496",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9466EE6-83C9-492F-8486-F3E6C1DD9F5A",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86CF88E0-A49D-4528-8135-6BE5C9E5DD7C",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E716111F-273B-48DF-ADEA-44BADE5E7FEB",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71FA0271-BE55-48AD-B88D-34645684E9DE",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD91E39-A3D8-4806-A778-608FD6C29BB2",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77A1562A-07B8-4130-B319-1BE2800D8771",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E59ACB5-8745-46A8-889E-005DEA38925B",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFFE146F-4AB2-45B2-9F87-52DD8DC26B85",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D01E3771-86FD-483D-BCCB-1B1CDD4C482F",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "230F8974-9613-4B58-8621-67CCE81E208C",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9184783-2476-4ED0-9F05-CA2AC68446B3",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "752B8F1C-54E3-4985-97A4-86FBF13E6BFD",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "120326C3-E212-4341-A25D-BC3DD50CF228",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF0FCE36-8A0F-4CDB-86B3-D8F7875511FD",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BAA6D71-2B11-4490-A1C4-652347582EF6",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F78C528-605C-46F3-8CF0-828B682745B3",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B117299A-C5FE-419F-9C1C-DF58A2772055",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1075AC6C-C9E1-45EA-B371-B06235C6AA86",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBC04C9D-9E69-4CB7-BF7A-D3B8C0670114",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E140DC9-7000-48ED-A5C7-B23023DFB199",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC178212-E440-46E9-9F00-60A5516D4D72",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C71A1AD7-4651-4FA9-9114-023E07DCB285",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2A2E5FC-9717-47C1-A223-F90DC572DAB0",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "984491F0-8303-4C6C-B884-00C032D797DD",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7ED0DB1D-6F37-4C1B-B55E-42F3A4E34299",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6929C4B1-27A0-4595-ABB6-48BB7F03A3EB",
"versionEndExcluding": "2019.1.4",
"versionStartIncluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE4E278B-360E-4F00-8479-9531EB417269",
"versionEndExcluding": "2020.1.5",
"versionStartIncluding": "2020",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "577AEF72-23CC-45D9-B391-8A3D79DAB5BA",
"versionEndExcluding": "2021.1.2",
"versionStartIncluding": "2021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82C21398-6A86-4E56-A98E-E80FFCC6732E",
"versionEndExcluding": "2022.1.2",
"versionStartIncluding": "2022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted DWF, 3DS and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution."
},
{
"lang": "es",
"value": "Los archivos DWF, 3DS y DWFX dise\u00f1ados de forma maliciosa en Autodesk AutoCAD versiones 2022, 2021, 2020, 2019, pueden usarse para desencadenar una vulnerabilidad de uso de memoria previamente liberada. Una explotaci\u00f3n de esta vulnerabilidad puede conllevar a una ejecuci\u00f3n de c\u00f3digo"
}
],
"id": "CVE-2022-25789",
"lastModified": "2024-11-21T06:53:00.313",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-11T20:15:20.460",
"references": [
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-09 20:30
Modified
2024-11-21 04:48
Severity ?
Summary
An exploitable use-after-free vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file may trigger a use-after-free, resulting in code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | advance_steel | 2018 | |
| autodesk | autocad | 2018 | |
| autodesk | autocad_architecture | 2018 | |
| autodesk | autocad_electrical | 2018 | |
| autodesk | autocad_lt | 2018 | |
| autodesk | autocad_map_3d | 2018 | |
| autodesk | autocad_mechanical | 2018 | |
| autodesk | autocad_mep | 2018 | |
| autodesk | autocad_p\&id | 2018 | |
| autodesk | autocad_plant_3d | 2018 | |
| autodesk | civil_3d | 2018 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "461B3C59-740C-4530-80DA-23DD38A0EEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "4C2610D4-81E7-4B85-9147-C3F24895EDB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "ECDE64CF-3527-4C9A-9672-E2FA3BCC8B65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "FC2B0DF8-8827-4CF2-94F1-D2871FA5095F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "85BF0890-5AE7-46BA-8FD4-667B20081A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "F4C4F749-A0C3-4C25-B5FC-CE3E49AFF8F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "E34DF2FB-6A4F-4060-9DE4-EE635D9056E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "BA943872-F736-4EC2-8328-9AABCAE08154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_p\\\u0026id:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "B80C406D-9E82-4B2B-8065-FEB797DE65B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "68F6B255-EE77-48BA-AEEE-9395C85BF274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "2692C0E3-9A82-42BA-A80D-8A0D72FD3164",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An exploitable use-after-free vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P\u0026ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file may trigger a use-after-free, resulting in code execution."
},
{
"lang": "es",
"value": "Una vulnerabilidad explotable de uso de memoria previamente liberada (use-after-free) de la funcionalidad de an\u00e1lisis DXF en Parodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018 Autodesk AutoCAD P\u0026ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018 y Autodesk Civil 3D 2018. Un archivo DXF especialmente creado puede desencadenar un use-after-free, lo que conlleva a la ejecuci\u00f3n del c\u00f3digo."
}
],
"id": "CVE-2019-7360",
"lastModified": "2024-11-21T04:48:05.783",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-09T20:30:21.337",
"references": [
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-23 20:15
Modified
2024-11-21 04:48
Severity ?
Summary
DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D and version 2017 of AutoCAD P&ID. An attacker may trick a user into opening a malicious DWG file that may leverage a DLL preloading vulnerability in AutoCAD which may result in code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@autodesk.com | https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0002 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0002 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "CB72BEDD-3A76-44B8-8192-D4F12C87488D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "461B3C59-740C-4530-80DA-23DD38A0EEB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "963B02A8-97DE-4C10-9AE1-3DA4FBC9AF9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:2020:*:*:*:*:*:*:*",
"matchCriteriaId": "8C4543D1-94E4-4470-91BF-6F3141FD9DAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "D45E4513-4F91-492F-ABFA-E67EAEB3514C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "4C2610D4-81E7-4B85-9147-C3F24895EDB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "411DC826-735A-4BEB-84BE-9250F97F612E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:2020:*:*:*:*:*:*:*",
"matchCriteriaId": "E30E2562-D38E-4764-874E-5B2FCF5639E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "65CA52C5-9F62-455C-949C-4AE00FDDFA09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "ECDE64CF-3527-4C9A-9672-E2FA3BCC8B65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "9275E76C-2A79-462A-A9D3-D0B6BBCDD0CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:2020:*:*:*:*:*:*:*",
"matchCriteriaId": "B7DFA12E-48C5-47B9-BD9F-1AFACBF4E1EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "D93A0DCA-DE9C-4A0E-8EC3-46B1B32D88EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "FC2B0DF8-8827-4CF2-94F1-D2871FA5095F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "A10DE5AF-1718-4899-9238-CFFDC72D05B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:2020:*:*:*:*:*:*:*",
"matchCriteriaId": "E388264D-D2D4-4BE4-9097-8F547D73ABE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "36D3F11C-900E-436C-A628-75CE5218489B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "85BF0890-5AE7-46BA-8FD4-667B20081A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "03682B7E-1CF1-4456-A51F-A6ADFC177935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:2020:*:*:*:*:*:*:*",
"matchCriteriaId": "371C5F60-4959-40C7-93E1-A01510A95115",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "7773B26C-12D3-4D00-990D-16F6978302A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "F4C4F749-A0C3-4C25-B5FC-CE3E49AFF8F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "04E05510-B21B-4DDD-88D7-CEB8963E1AFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:2020:*:*:*:*:*:*:*",
"matchCriteriaId": "D4CD010A-FDBC-40F9-95AC-0CD8388B85D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "A591011C-4E67-497D-89B4-6F32460EEF1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "E34DF2FB-6A4F-4060-9DE4-EE635D9056E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "19255CEC-6161-4D44-B87E-52E86DF4FBA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:2020:*:*:*:*:*:*:*",
"matchCriteriaId": "7147F378-DFB0-48A8-8B05-8777E1CC7F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "01D7FD7C-B818-4FA1-A845-6721729274EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "BA943872-F736-4EC2-8328-9AABCAE08154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "3F608B1C-BA96-4EA8-A540-83870262CBC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:2020:*:*:*:*:*:*:*",
"matchCriteriaId": "7CFAAD19-6248-42CB-B177-EC2E5141A953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_p\\\u0026id:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "166A2A40-5073-4072-BBF9-5593FA052680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "15F0D764-62D6-4729-BB98-8C4BEBACD45A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "68F6B255-EE77-48BA-AEEE-9395C85BF274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "4E536B0D-4C95-4589-981A-2F8A6C4B44DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:2020:*:*:*:*:*:*:*",
"matchCriteriaId": "3FBDD3AC-FA00-462F-AA13-5A75B5D50689",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "6AAAC86E-4D30-4A33-AC84-57486A7C26D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "2692C0E3-9A82-42BA-A80D-8A0D72FD3164",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "7F8A4F1F-0D78-41FB-BB62-4A6164AC0F51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:2020:*:*:*:*:*:*:*",
"matchCriteriaId": "F2A4C41C-E547-4693-8C53-E21A56323D52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D and version 2017 of AutoCAD P\u0026ID. An attacker may trick a user into opening a malicious DWG file that may leverage a DLL preloading vulnerability in AutoCAD which may result in code execution."
},
{
"lang": "es",
"value": "Vulnerabilidad de precarga de DLL en las versiones 2017, 2018, 2019 y 2020 de Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D y la versi\u00f3n 2017 de AutoCAD P\u0026ID. Un atacante puede enga\u00f1ar a un usuario para que abra un archivo DWG malicioso que puede aprovechar una vulnerabilidad de precarga de DLL en AutoCAD que puede provocar la ejecuci\u00f3n del c\u00f3digo."
}
],
"id": "CVE-2019-7364",
"lastModified": "2024-11-21T04:48:06.343",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-23T20:15:10.690",
"references": [
{
"source": "psirt@autodesk.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0002"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}