Use-After-Free Vulnerability in Autodesk AutoCAD Products
CVE-2022-27867

7.8HIGH

What is CVE-2022-27867?

A vulnerability exists in Autodesk AutoCAD that arises when a specifically crafted JT file is processed. This use-after-free issue could allow attackers to execute arbitrary code by exploiting the way memory is managed within the software, potentially compromising the integrity and confidentiality of user data.

Affected Version(s)

Autodesk Inventor, Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D 2022, 2021, 2020, 2019

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.