CVE-2022-33889 - Vulnerability Details

Vendors	Products
Autodesk	Autocad Autocad Advance Steel Autocad Architecture Autocad Civil 3d Autocad Electrical Autocad Lt Autocad Map 3d Autocad Mechanical Autocad Mep Autocad Plant 3d Design Review

Link	Providers
https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0021

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Autodesk\u00ae Design Review, Autodesk\u00ae Advance Steel, Autodesk\u00ae Civil 3D\u00ae", "vendor": "n/a", "versions": [{"status": "affected", "version": "2018, 2023, 2022"}]}], "descriptions": [{"lang": "en", "value": "A maliciously crafted GIF or JPEG files when parsed through Autodesk Design Review 2018, and AutoCAD 2023 and 2022 could be used to write beyond the allocated heap buffer. This vulnerability could lead to arbitrary code execution."}], "problemTypes": [{"descriptions": [{"description": "Heap based Overflow Buffer", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T14:22:14", "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "shortName": "autodesk"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0021"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@autodesk.com", "ID": "CVE-2022-33889", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Autodesk\u00ae Design Review, Autodesk\u00ae Advance Steel, Autodesk\u00ae Civil 3D\u00ae", "version": {"version_data": [{"version_value": "2018, 2023, 2022"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A maliciously crafted GIF or JPEG files when parsed through Autodesk Design Review 2018, and AutoCAD 2023 and 2022 could be used to write beyond the allocated heap buffer. This vulnerability could lead to arbitrary code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Heap based Overflow Buffer"}]}]}, "references": {"reference_data": [{"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0021", "refsource": "MISC", "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0021"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T08:09:22.694Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0021"}]}]}, "cveMetadata": {"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "assignerShortName": "autodesk", "cveId": "CVE-2022-33889", "datePublished": "2022-10-03T14:22:14", "dateReserved": "2022-06-16T00:00:00", "dateUpdated": "2024-08-03T08:09:22.694Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Autodesk® Design Review, Autodesk® Advance Steel, Autodesk® Civil 3D® (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : 2018, 2023, 2022 (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A maliciously crafted GIF or JPEG files when parsed through Autodesk Design Review 2018, and AutoCAD 2023 and 2022 could be used to write beyond the allocated heap buffer. This vulnerability could lead to arbitrary code execution. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Heap based Overflow Buffer (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2022-10-03T14:22:14 (string)

orgId : 7e40ea87-bc65-4944-9723-dd79dd760601 (string)

shortName : autodesk (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0021 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : psirt@autodesk.com (string)

ID : CVE-2022-33889 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Autodesk® Design Review, Autodesk® Advance Steel, Autodesk® Civil 3D® (string)

version : { »

version_data : [ »

0 : { »

version_value : 2018, 2023, 2022 (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : A maliciously crafted GIF or JPEG files when parsed through Autodesk Design Review 2018, and AutoCAD 2023 and 2022 could be used to write beyond the allocated heap buffer. This vulnerability could lead to arbitrary code execution. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Heap based Overflow Buffer (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0021 (string)

refsource : MISC (string)

url : https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0021 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T08:09:22.694Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0021 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 7e40ea87-bc65-4944-9723-dd79dd760601 (string)

assignerShortName : autodesk (string)

cveId : CVE-2022-33889 (string)

datePublished : 2022-10-03T14:22:14 (string)

dateReserved : 2022-06-16T00:00:00 (string)

dateUpdated : 2024-08-03T08:09:22.694Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", "matchCriteriaId": "F867A29B-ABEA-40D8-9252-9129DBC4EEEC", "versionEndExcluding": "2022.1.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", "matchCriteriaId": "480910B3-5FD0-47EF-98BA-FDFE22945BB0", "versionEndExcluding": "2023.1.1", "versionStartIncluding": "2023.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", "matchCriteriaId": "354E7B7A-22BA-4EB2-B136-9622A8032167", "versionEndExcluding": "2022.1.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", "matchCriteriaId": "91A206DF-6922-4CF8-9481-E6A4A2953753", "versionEndExcluding": "2023.1.1", "versionStartIncluding": "2023.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0381CFD-48B1-4BA4-9961-64544267F852", "versionEndExcluding": "2022.1.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", "matchCriteriaId": "729710F9-F4F9-4466-8FA2-22A0C0CF9420", "versionEndExcluding": "2023.1.1", "versionStartIncluding": "2023.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", "matchCriteriaId": "3CEE7EBE-109D-43EC-9411-8169E589670A", "versionEndExcluding": "2022.1.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1C62E65-FD27-478A-A472-FBDA4C751BB5", "versionEndExcluding": "2023.1.1", "versionStartIncluding": "2023.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF33C631-4C2E-4A18-B5E8-A2037BF29196", "versionEndExcluding": "2022.1.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1A13743-F25B-47BC-902A-E7ADB9ACA577", "versionEndExcluding": "2023.1.1", "versionStartIncluding": "2023.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", "matchCriteriaId": "42E5B8D3-9B23-4DC0-B7CE-BB7EC8D981F0", "versionEndExcluding": "2022.1.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", "matchCriteriaId": "20E3E3AA-051D-44E2-BD4A-8EBFCFD11C8C", "versionEndExcluding": "2023.1.1", "versionStartIncluding": "2023.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", "matchCriteriaId": "2ACB4E3C-FE40-4416-8484-A3A3B6883286", "versionEndExcluding": "2022.1.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA7C36AC-ED97-4669-AD61-75AA00F0385C", "versionEndExcluding": "2023.1.1", "versionStartIncluding": "2023.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", "matchCriteriaId": "E3107206-44ED-45CB-A218-AC8E12CD4409", "versionEndExcluding": "2022.1.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", "matchCriteriaId": "1F4ADAD1-5627-4BD2-A72B-DEC95415261F", "versionEndExcluding": "2023.1.1", "versionStartIncluding": "2023.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", "matchCriteriaId": "C3357899-6803-4D09-94F0-7A633DB05E85", "versionEndExcluding": "2022.1.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", "matchCriteriaId": "7FDA3E45-B980-4715-80CC-C29B4A3900C3", "versionEndExcluding": "2023.1.1", "versionStartIncluding": "2023.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", "matchCriteriaId": "9AC1E832-B725-4F72-812F-000ADE262DEA", "versionEndExcluding": "2022.1.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A20490C-CDFD-4FCE-B5E3-1F2F78A0C531", "versionEndExcluding": "2023.1.1", "versionStartIncluding": "2023.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:design_review:*:*:*:*:*:*:*:*", "matchCriteriaId": "376B6A4F-8AF5-4D6E-B39C-2E99F7A81BCD", "versionEndExcluding": "2018", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:design_review:2018:-:*:*:*:*:*:*", "matchCriteriaId": "213232B9-A40B-436D-A66A-B65C49D59BE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:design_review:2018:hotfix:*:*:*:*:*:*", "matchCriteriaId": "2D0CF4DC-ACA5-41D0-B28E-CEB5D2C96F71", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:design_review:2018:hotfix2:*:*:*:*:*:*", "matchCriteriaId": "84ED1789-A17F-48F7-A152-09D2A5C59254", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:design_review:2018:hotfix3:*:*:*:*:*:*", "matchCriteriaId": "74819924-EB63-4BBF-9986-FEF6100EEE15", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:design_review:2018:hotfix4:*:*:*:*:*:*", "matchCriteriaId": "100922EF-C773-4798-B352-B16FCAD48F36", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:design_review:2018:hotfix5:*:*:*:*:*:*", "matchCriteriaId": "1C7E8CE3-8A75-4357-8722-17E2CE2378CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:design_review:2018:hotfix6:*:*:*:*:*:*", "matchCriteriaId": "41A96F19-544E-471F-B6BF-9CC8E9403A2A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A maliciously crafted GIF or JPEG files when parsed through Autodesk Design Review 2018, and AutoCAD 2023 and 2022 could be used to write beyond the allocated heap buffer. This vulnerability could lead to arbitrary code execution."}, {"lang": "es", "value": "Un archivo GIF o JPEG dise\u00f1ado de forma maliciosa cuando es analizado mediante Autodesk Design Review versi\u00f3n 2018 y AutoCAD versiones 2023 y 2022, podr\u00eda usarse para escribir m\u00e1s all\u00e1 del b\u00fafer de la pila asignado. Esta vulnerabilidad podr\u00eda conllevar a una ejecuci\u00f3n de c\u00f3digo arbitrario"}], "id": "CVE-2022-33889", "lastModified": "2024-11-21T07:08:32.230", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-03T15:15:17.633", "references": [{"source": "psirt@autodesk.com", "tags": ["Vendor Advisory"], "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0021"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0021"}], "sourceIdentifier": "psirt@autodesk.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:* (string)

matchCriteriaId : F867A29B-ABEA-40D8-9252-9129DBC4EEEC (string)

versionEndExcluding : 2022.1.3 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 480910B3-5FD0-47EF-98BA-FDFE22945BB0 (string)

versionEndExcluding : 2023.1.1 (string)

versionStartIncluding : 2023.0.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 354E7B7A-22BA-4EB2-B136-9622A8032167 (string)

versionEndExcluding : 2022.1.3 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 91A206DF-6922-4CF8-9481-E6A4A2953753 (string)

versionEndExcluding : 2023.1.1 (string)

versionStartIncluding : 2023.0.0 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:* (string)

matchCriteriaId : B0381CFD-48B1-4BA4-9961-64544267F852 (string)

versionEndExcluding : 2022.1.3 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 729710F9-F4F9-4466-8FA2-22A0C0CF9420 (string)

versionEndExcluding : 2023.1.1 (string)

versionStartIncluding : 2023.0.0 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 3CEE7EBE-109D-43EC-9411-8169E589670A (string)

versionEndExcluding : 2022.1.3 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:* (string)

matchCriteriaId : F1C62E65-FD27-478A-A472-FBDA4C751BB5 (string)

versionEndExcluding : 2023.1.1 (string)

versionStartIncluding : 2023.0.0 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:* (string)

matchCriteriaId : AF33C631-4C2E-4A18-B5E8-A2037BF29196 (string)

versionEndExcluding : 2022.1.3 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:* (string)

matchCriteriaId : F1A13743-F25B-47BC-902A-E7ADB9ACA577 (string)

versionEndExcluding : 2023.1.1 (string)

versionStartIncluding : 2023.0.0 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 42E5B8D3-9B23-4DC0-B7CE-BB7EC8D981F0 (string)

versionEndExcluding : 2022.1.3 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 20E3E3AA-051D-44E2-BD4A-8EBFCFD11C8C (string)

versionEndExcluding : 2023.1.1 (string)

versionStartIncluding : 2023.0.0 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 2ACB4E3C-FE40-4416-8484-A3A3B6883286 (string)

versionEndExcluding : 2022.1.3 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:* (string)

matchCriteriaId : AA7C36AC-ED97-4669-AD61-75AA00F0385C (string)

versionEndExcluding : 2023.1.1 (string)

versionStartIncluding : 2023.0.0 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:* (string)

matchCriteriaId : E3107206-44ED-45CB-A218-AC8E12CD4409 (string)

versionEndExcluding : 2022.1.3 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 1F4ADAD1-5627-4BD2-A72B-DEC95415261F (string)

versionEndExcluding : 2023.1.1 (string)

versionStartIncluding : 2023.0.0 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:* (string)

matchCriteriaId : C3357899-6803-4D09-94F0-7A633DB05E85 (string)

versionEndExcluding : 2022.1.3 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 7FDA3E45-B980-4715-80CC-C29B4A3900C3 (string)

versionEndExcluding : 2023.1.1 (string)

versionStartIncluding : 2023.0.0 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 9AC1E832-B725-4F72-812F-000ADE262DEA (string)

versionEndExcluding : 2022.1.3 (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 0A20490C-CDFD-4FCE-B5E3-1F2F78A0C531 (string)

versionEndExcluding : 2023.1.1 (string)

versionStartIncluding : 2023.0.0 (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:autodesk:design_review:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 376B6A4F-8AF5-4D6E-B39C-2E99F7A81BCD (string)

versionEndExcluding : 2018 (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:a:autodesk:design_review:2018:-:*:*:*:*:*:* (string)

matchCriteriaId : 213232B9-A40B-436D-A66A-B65C49D59BE6 (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:a:autodesk:design_review:2018:hotfix:*:*:*:*:*:* (string)

matchCriteriaId : 2D0CF4DC-ACA5-41D0-B28E-CEB5D2C96F71 (string)

vulnerable : true (boolean)

}

23 : { »

criteria : cpe:2.3:a:autodesk:design_review:2018:hotfix2:*:*:*:*:*:* (string)

matchCriteriaId : 84ED1789-A17F-48F7-A152-09D2A5C59254 (string)

vulnerable : true (boolean)

}

24 : { »

criteria : cpe:2.3:a:autodesk:design_review:2018:hotfix3:*:*:*:*:*:* (string)

matchCriteriaId : 74819924-EB63-4BBF-9986-FEF6100EEE15 (string)

vulnerable : true (boolean)

}

25 : { »

criteria : cpe:2.3:a:autodesk:design_review:2018:hotfix4:*:*:*:*:*:* (string)

matchCriteriaId : 100922EF-C773-4798-B352-B16FCAD48F36 (string)

vulnerable : true (boolean)

}

26 : { »

criteria : cpe:2.3:a:autodesk:design_review:2018:hotfix5:*:*:*:*:*:* (string)

matchCriteriaId : 1C7E8CE3-8A75-4357-8722-17E2CE2378CC (string)

vulnerable : true (boolean)

}

27 : { »

criteria : cpe:2.3:a:autodesk:design_review:2018:hotfix6:*:*:*:*:*:* (string)

matchCriteriaId : 41A96F19-544E-471F-B6BF-9CC8E9403A2A (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A maliciously crafted GIF or JPEG files when parsed through Autodesk Design Review 2018, and AutoCAD 2023 and 2022 could be used to write beyond the allocated heap buffer. This vulnerability could lead to arbitrary code execution. (string)

}

1 : { »

lang : es (string)

value : Un archivo GIF o JPEG diseñado de forma maliciosa cuando es analizado mediante Autodesk Design Review versión 2018 y AutoCAD versiones 2023 y 2022, podría usarse para escribir más allá del búfer de la pila asignado. Esta vulnerabilidad podría conllevar a una ejecución de código arbitrario (string)

}

]

id : CVE-2022-33889 (string)

lastModified : 2024-11-21T07:08:32.230 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 7.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2022-10-03T15:15:17.633 (string)

references : [ »

0 : { »

source : psirt@autodesk.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0021 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0021 (string)

}

]

sourceIdentifier : psirt@autodesk.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-787 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object