Buffer Overflow Vulnerability in Autodesk AutoCAD 2022, 2021, 2020, 2019
CVE-2022-27529

7.8HIGH

Key Information:

Vendor: Autodesk
Status: Autodesk Advanced Steel, Civil 3d, Autocad, Autocad Lt, Autocad Architecture, Autocad Electrical, Autocad Map 3d, Autocad Mechanical, Autocad Mep, Autocad Plant 3d
Vendor: CVE Published:; 18 April 2022

Summary

A vulnerability in Autodesk AutoCAD allows an attacker to craft malicious PICT, BMP, PSD, or TIF files that can lead to writing beyond the allocated buffer when parsed. This could enable the execution of arbitrary code, highlighting the importance of security measures when handling image files in affected versions of AutoCAD.

Affected Version(s)

Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D 2022, 2021, 2020, 2019

References

https://www.autodesk.com/trust/security-advisories/adsk-s...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 18, 2022
Vulnerability Reserved
Mar 21, 2022