CVE-2022-33885

Published Oct 3, 2022

Last updated 2 years ago

CVSS high 7.8

Overview

Description: A maliciously crafted X_B, CATIA, and PDF file when parsed through Autodesk AutoCAD 2023 and 2022 can be used to write beyond the allocated buffer. This vulnerability can lead to arbitrary code execution.
Source: psirt@autodesk.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-787

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5829F52D-F61C-4B79-B724-3388B1B1723A",
            "versionEndExcluding": "2022.1.3",
            "versionStartIncluding": "2022"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "70C48E66-DF91-4F0B-B93D-F6372BFC55C9",
            "versionEndExcluding": "2023.1.1",
            "versionStartIncluding": "2023"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CCB04040-8C83-4381-B762-61F0ED8C8CC0",
            "versionEndExcluding": "2022.1.3",
            "versionStartIncluding": "2022"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57C7CD03-53D7-4224-82AE-F7CD929E3F92",
            "versionEndExcluding": "2023.1.1",
            "versionStartIncluding": "2023"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D042F7CF-2694-437E-B60A-4C324EBAB1F0",
            "versionEndExcluding": "2022.1.3",
            "versionStartIncluding": "2022"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF68C32D-7015-4513-BEB2-2CFD08DC799B",
            "versionEndExcluding": "2023.1.1",
            "versionStartIncluding": "2023"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A628855-3BE7-4B40-AFB7-7819CBD88D21",
            "versionEndExcluding": "2022.1.3",
            "versionStartIncluding": "2022"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A42B62B9-0ABA-4BE8-9115-6E633664FCE6",
            "versionEndExcluding": "2023.1.1",
            "versionStartIncluding": "2023"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "731F5891-D398-49AE-BA04-179D9FD18ED2",
            "versionEndExcluding": "2022.1.3",
            "versionStartIncluding": "2022"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E009D956-E27B-435B-A308-9279A7DA2087",
            "versionEndExcluding": "2023.1.1",
            "versionStartIncluding": "2023"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0982CCA5-8834-43D7-8596-F330D7A0A52B",
            "versionEndExcluding": "2022.1.3",
            "versionStartIncluding": "2022"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B937A033-FDA2-461E-8697-2341A9DE23DB",
            "versionEndExcluding": "2023.1.1",
            "versionStartIncluding": "2023"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6FABCBE5-BF7B-4D2E-A886-8D38B3B82872",
            "versionEndExcluding": "2022.1.3",
            "versionStartIncluding": "2022"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19A43BB0-22A6-4715-B556-1DE7CDCAF616",
            "versionEndExcluding": "2023.1.1",
            "versionStartIncluding": "2023"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC2B3E51-4AAD-4A1E-951D-6428A0C8D6BA",
            "versionEndExcluding": "2022.1.3",
            "versionStartIncluding": "2022"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE681603-E303-4759-B301-37BACF233C76",
            "versionEndExcluding": "2023.1.1",
            "versionStartIncluding": "2023"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D1456E3E-3B38-42E2-96FE-B14361E30CB2",
            "versionEndExcluding": "2022.1.3",
            "versionStartIncluding": "2022"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9601144-D1E1-4F8A-A6C0-447E17F14337",
            "versionEndExcluding": "2023.1.1",
            "versionStartIncluding": "2023"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74942A53-8D7E-4706-B9C3-EB1C03488684",
            "versionEndExcluding": "2022.1.3",
            "versionStartIncluding": "2022"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B95D329-E683-4128-8FC4-300CA974F1F1",
            "versionEndExcluding": "2023.1.1",
            "versionStartIncluding": "2023"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References