CVE-2022-33889

Published Oct 3, 2022
Last updated 2 years ago
CVSS high 7.8
Overview

Description: A maliciously crafted GIF or JPEG files when parsed through Autodesk Design Review 2018, and AutoCAD 2023 and 2022 could be used to write beyond the allocated heap buffer. This vulnerability could lead to arbitrary code execution.
Source: psirt@autodesk.com
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH
Weaknesses

nvd@nist.gov: CWE-787
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F867A29B-ABEA-40D8-9252-9129DBC4EEEC",
            "versionEndExcluding": "2022.1.3"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "480910B3-5FD0-47EF-98BA-FDFE22945BB0",
            "versionEndExcluding": "2023.1.1",
            "versionStartIncluding": "2023.0.0"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "354E7B7A-22BA-4EB2-B136-9622A8032167",
            "versionEndExcluding": "2022.1.3"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91A206DF-6922-4CF8-9481-E6A4A2953753",
            "versionEndExcluding": "2023.1.1",
            "versionStartIncluding": "2023.0.0"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0381CFD-48B1-4BA4-9961-64544267F852",
            "versionEndExcluding": "2022.1.3"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "729710F9-F4F9-4466-8FA2-22A0C0CF9420",
            "versionEndExcluding": "2023.1.1",
            "versionStartIncluding": "2023.0.0"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3CEE7EBE-109D-43EC-9411-8169E589670A",
            "versionEndExcluding": "2022.1.3"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1C62E65-FD27-478A-A472-FBDA4C751BB5",
            "versionEndExcluding": "2023.1.1",
            "versionStartIncluding": "2023.0.0"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF33C631-4C2E-4A18-B5E8-A2037BF29196",
            "versionEndExcluding": "2022.1.3"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1A13743-F25B-47BC-902A-E7ADB9ACA577",
            "versionEndExcluding": "2023.1.1",
            "versionStartIncluding": "2023.0.0"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42E5B8D3-9B23-4DC0-B7CE-BB7EC8D981F0",
            "versionEndExcluding": "2022.1.3"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20E3E3AA-051D-44E2-BD4A-8EBFCFD11C8C",
            "versionEndExcluding": "2023.1.1",
            "versionStartIncluding": "2023.0.0"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2ACB4E3C-FE40-4416-8484-A3A3B6883286",
            "versionEndExcluding": "2022.1.3"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA7C36AC-ED97-4669-AD61-75AA00F0385C",
            "versionEndExcluding": "2023.1.1",
            "versionStartIncluding": "2023.0.0"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3107206-44ED-45CB-A218-AC8E12CD4409",
            "versionEndExcluding": "2022.1.3"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F4ADAD1-5627-4BD2-A72B-DEC95415261F",
            "versionEndExcluding": "2023.1.1",
            "versionStartIncluding": "2023.0.0"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3357899-6803-4D09-94F0-7A633DB05E85",
            "versionEndExcluding": "2022.1.3"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7FDA3E45-B980-4715-80CC-C29B4A3900C3",
            "versionEndExcluding": "2023.1.1",
            "versionStartIncluding": "2023.0.0"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9AC1E832-B725-4F72-812F-000ADE262DEA",
            "versionEndExcluding": "2022.1.3"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A20490C-CDFD-4FCE-B5E3-1F2F78A0C531",
            "versionEndExcluding": "2023.1.1",
            "versionStartIncluding": "2023.0.0"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:design_review:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "376B6A4F-8AF5-4D6E-B39C-2E99F7A81BCD",
            "versionEndExcluding": "2018"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:design_review:2018:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "213232B9-A40B-436D-A66A-B65C49D59BE6"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:design_review:2018:hotfix:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D0CF4DC-ACA5-41D0-B28E-CEB5D2C96F71"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:design_review:2018:hotfix2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84ED1789-A17F-48F7-A152-09D2A5C59254"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:design_review:2018:hotfix3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "74819924-EB63-4BBF-9986-FEF6100EEE15"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:design_review:2018:hotfix4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "100922EF-C773-4798-B352-B16FCAD48F36"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:design_review:2018:hotfix5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1C7E8CE3-8A75-4357-8722-17E2CE2378CC"
          },
          {
            "criteria": "cpe:2.3:a:autodesk:design_review:2018:hotfix6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41A96F19-544E-471F-B6BF-9CC8E9403A2A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References
