Vulnerabilities > CVE-2022-25791 - Out-of-bounds Write vulnerability in Autodesk products

CVSS 4.4 - MEDIUM

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

autodesk

CWE-787

NVD

Published: 2022-04-11

Updated: 2022-04-19

Summary

A Memory Corruption vulnerability for DWF and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 may lead to code execution through maliciously crafted DLL files.

Vulnerable Configurations

Part	Description	Count
Application	Autodesk Autodesk Advance Steel 2019 Autodesk Advance Steel 2019.1.3 Autodesk Advance Steel 2020 Autodesk Advance Steel 2020.1.4 Autodesk Advance Steel 2021 Autodesk Advance Steel 2021.1.1 Autodesk Advance Steel 2022 Autodesk Advance Steel 2022.0.1 Autodesk Autocad 2019 Autodesk Autocad 2019.1.3 Autodesk Autocad 2020 Autodesk Autocad 2020.1.4 Autodesk Autocad 2021 Autodesk Autocad 2021.1.1 Autodesk Autocad 2022 Autodesk Autocad 2022.0.1 Autodesk Autocad 2022.1 Autodesk Autocad Architecture 2019 Autodesk Autocad Architecture 2019.1.3 Autodesk Autocad Architecture 2020 Autodesk Autocad Architecture 2020.1.4 Autodesk Autocad Architecture 2021 Autodesk Autocad Architecture 2021.1.1 Autodesk Autocad Architecture 2022 Autodesk Autocad Architecture 2022.0.1 Autodesk Autocad Electrical 2019 Autodesk Autocad Electrical 2019.1.3 Autodesk Autocad Electrical 2020 Autodesk Autocad Electrical 2020.1.4 Autodesk Autocad Electrical 2021 Autodesk Autocad Electrical 2021.1.1 Autodesk Autocad Electrical 2022 Autodesk Autocad Electrical 2022.0.1 Autodesk Autocad LT 2019 Autodesk Autocad LT 2019.1.3 Autodesk Autocad LT 2020 Autodesk Autocad LT 2020.1.4 Autodesk Autocad LT 2021 Autodesk Autocad LT 2021.1.1 Autodesk Autocad LT 2022 Autodesk Autocad LT 2022.0.1 Autodesk Autocad LT 2022.1 Autodesk Autocad MAP 3D 2019 Autodesk Autocad MAP 3D 2019.1.3 Autodesk Autocad MAP 3D 2020 Autodesk Autocad MAP 3D 2020.1.4 Autodesk Autocad MAP 3D 2021 Autodesk Autocad MAP 3D 2021.1.1 Autodesk Autocad MAP 3D 2022 Autodesk Autocad MAP 3D 2022.0.1 Autodesk Autocad Mechanical 2019 Autodesk Autocad Mechanical 2019.1.3 Autodesk Autocad Mechanical 2020 Autodesk Autocad Mechanical 2020.1.4 Autodesk Autocad Mechanical 2021 Autodesk Autocad Mechanical 2021.1.1 Autodesk Autocad Mechanical 2022 Autodesk Autocad Mechanical 2022.0.1 Autodesk Autocad MEP 2019 Autodesk Autocad MEP 2019.1.3 Autodesk Autocad MEP 2020 Autodesk Autocad MEP 2020.1.4 Autodesk Autocad MEP 2021 Autodesk Autocad MEP 2021.1.1 Autodesk Autocad MEP 2022 Autodesk Autocad MEP 2022.0.1 Autodesk Autocad Plant 3D 2019 Autodesk Autocad Plant 3D 2019.1.3 Autodesk Autocad Plant 3D 2020 Autodesk Autocad Plant 3D 2020.1.4 Autodesk Autocad Plant 3D 2021 Autodesk Autocad Plant 3D 2021.1.1 Autodesk Autocad Plant 3D 2022 Autodesk Autocad Plant 3D 2022.0.1 Autodesk Civil 3D 2019 Autodesk Civil 3D 2019.1.3 Autodesk Civil 3D 2020 Autodesk Civil 3D 2020.1.4 Autodesk Civil 3D 2021 Autodesk Civil 3D 2021.1.1 Autodesk Civil 3D 2022 Autodesk Civil 3D 2022.0.1 Autodesk Civil 3D 2022.1.1 Autodesk Navisworks 2022	90

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005