CVE-2022-25793

A Stack-based Buffer Overflow Vulnerability in Autodesk 3ds Max 2022, 2021, and 2020 may lead to code execution through the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer when parsing ActionScript Byte Code files. This vulnerability may allow arbitrary code execution on affected installations of Autodesk 3ds Max.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0006	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:autodesk:3ds_max::::::::
	cpe:2.3:a:autodesk:3ds_max::::::::
	cpe:2.3:a:autodesk:3ds_max::::::::

History

08 Aug 2023, 14:21

Type	Values Removed	Values Added
CWE	~~CWE-120~~	CWE-1284

Information

Published : 2022-08-10 20:15

Updated : 2024-02-28 19:29

NVD link : CVE-2022-25793

Mitre link : CVE-2022-25793

CVE.ORG link : CVE-2022-25793

JSON object : View

Products Affected

autodesk

3ds_max

CWE

CWE-1284

Improper Validation of Specified Quantity in Input

{"id": "CVE-2022-25793", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2022-08-10T20:15:31.807", "references": [{"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0006", "tags": ["Vendor Advisory"], "source": "psirt@autodesk.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-1284"}]}], "descriptions": [{"lang": "en", "value": "A Stack-based Buffer Overflow Vulnerability in Autodesk 3ds Max 2022, 2021, and 2020 may lead to code execution through the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer when parsing ActionScript Byte Code files. This vulnerability may allow arbitrary code execution on affected installations of Autodesk 3ds Max."}, {"lang": "es", "value": "Una vulnerabilidad de desbordamiento del b\u00fafer en la regi\u00f3n Stack de la memoria en Autodesk 3ds Max versiones 2022, 2021 y 2020, puede conllevar a una ejecuci\u00f3n de c\u00f3digo mediante la falta de comprobaci\u00f3n apropiada de la longitud de los datos suministrados por el usuario antes de copiarlos en un b\u00fafer en la regi\u00f3n stack de la memoria de longitud fija cuando son analizados archivos de c\u00f3digo de bytes de ActionScript. Esta vulnerabilidad puede permitir la ejecuci\u00f3n de c\u00f3digo arbitrario en las instalaciones afectadas de Autodesk 3ds Max"}], "lastModified": "2023-08-08T14:21:49.707", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:autodesk:3ds_max:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3CB4E3CB-2C64-44C8-ADA7-D88ED4A0C02B", "versionEndExcluding": "2020.3.6", "versionStartIncluding": "2020"}, {"criteria": "cpe:2.3:a:autodesk:3ds_max:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23E83FC1-97C7-4AD6-806E-6ED14826E82D", "versionEndExcluding": "2021.3.10", "versionStartIncluding": "2021"}, {"criteria": "cpe:2.3:a:autodesk:3ds_max:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E71086D2-9206-46B5-A0F0-C1438C0774B5", "versionEndIncluding": "2022.3.3", "versionStartIncluding": "2022"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@autodesk.com"}