CVE-2022-25797

A maliciously crafted PDF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to dereference for a write beyond the allocated buffer while parsing PDF files. The vulnerability exists because the application fails to handle a crafted PDF file, which causes an unhandled exception.

CVSS v3 7.8 HIGH
CVSS v2.0 6.8 MEDIUM

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:autodesk:dwg_trueview:2021:::::::*
	cpe:2.3:a:autodesk:dwg_trueview:2022:::::::*

History

No history.

Information

Published : 2022-04-13 18:15

Updated : 2024-02-28 19:09

NVD link : CVE-2022-25797

Mitre link : CVE-2022-25797

CVE.ORG link : CVE-2022-25797

JSON object : View

Products Affected

autodesk

dwg_trueview

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2022-25797", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2022-04-13T18:15:14.007", "references": [{"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007", "tags": ["Vendor Advisory"], "source": "psirt@autodesk.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "A maliciously crafted PDF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to dereference for a write beyond the allocated buffer while parsing PDF files. The vulnerability exists because the application fails to handle a crafted PDF file, which causes an unhandled exception."}, {"lang": "es", "value": "Un archivo PDF malicioso en Autodesk AutoCAD 2022, 2021, 2020, 2019 puede ser utilizado para una escritura m\u00e1s all\u00e1 del buffer asignado mientras se analizan los archivos PDF. La vulnerabilidad existe porque la aplicaci\u00f3n no maneja un archivo PDF malicioso, lo que provoca una excepci\u00f3n no manejada"}], "lastModified": "2022-10-07T18:15:17.670", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:autodesk:dwg_trueview:2021:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3283D05E-0433-44D3-818C-9B75A73B779E"}, {"criteria": "cpe:2.3:a:autodesk:dwg_trueview:2022:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77C553DF-F08F-46E8-A81F-B58367794159"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@autodesk.com"}