{"containers": {"cna": {"affected": [{"product": "Autodesk Navisworks, Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D", "vendor": "n/a", "versions": [{"status": "affected", "version": "2022.1, 2022.1.1"}]}], "descriptions": [{"lang": "en", "value": "A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated boundaries when parsing the DWF files. Exploitation of this vulnerability may lead to code execution."}], "problemTypes": [{"descriptions": [{"description": "Out-of-bounds Write", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-04-11T19:37:51.000Z", "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "shortName": "autodesk"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@autodesk.com", "ID": "CVE-2022-25790", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Autodesk Navisworks, Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D", "version": {"version_data": [{"version_value": "2022.1, 2022.1.1"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated boundaries when parsing the DWF files. Exploitation of this vulnerability may lead to code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Out-of-bounds Write"}]}]}, "references": {"reference_data": [{"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005", "refsource": "MISC", "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:49:43.515Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005"}]}]}, "cveMetadata": {"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "assignerShortName": "autodesk", "cveId": "CVE-2022-25790", "datePublished": "2022-04-11T19:37:51.000Z", "dateReserved": "2022-02-22T00:00:00.000Z", "dateUpdated": "2024-08-03T04:49:43.515Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*", "matchCriteriaId": "395D75D7-FE8C-461D-8642-98BE81AA5277", "versionEndExcluding": "2019.1.4", "versionStartIncluding": "2019", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*", "matchCriteriaId": "525AD44E-386E-42C9-8B2E-90F29855DF4A", "versionEndExcluding": "2020.1.5", "versionStartIncluding": "2020", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7CDC63B1-6EA4-48C6-998A-A86A82A74BD4", "versionEndExcluding": "2021.1.2", "versionStartIncluding": "2021", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1BE9431-DC86-4ABB-8EE2-9FADA3B0AEBA", "versionEndExcluding": "2022.1.2", "versionStartIncluding": "2022", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0E84020-F179-4AF3-BF9C-6D27259B2847", "versionEndExcluding": "2019.1.4", "versionStartIncluding": "2019", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", "matchCriteriaId": "87941CE7-7F89-4A09-BBE8-A0D829273A63", "versionEndExcluding": "2020.1.5", "versionStartIncluding": "2020", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F98B75B-1471-42A7-BCDA-95F7E65B7FD1", "versionEndExcluding": "2021.1.2", "versionStartIncluding": "2021", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C5F50DF-4792-4A29-BB21-5821CA5E3A22", "versionEndExcluding": "2022.1.2", "versionStartIncluding": "2022", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:macos:*:*", "matchCriteriaId": "8357611C-929E-407C-B4C8-6ED926E513C6", "versionEndExcluding": "2022.2.2", "versionStartIncluding": "2022", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9338B09-BCD8-4E67-A331-1B8D5FB5DA24", "versionEndExcluding": "2019.1.4", "versionStartIncluding": "2019", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", "matchCriteriaId": "F616B84F-B471-43B9-BC5D-BA6CCE461F56", "versionEndExcluding": "2020.1.5", "versionStartIncluding": "2020", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD0B37E9-4987-4B96-9B31-6168961E1496", "versionEndExcluding": "2021.1.2", "versionStartIncluding": "2021", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9466EE6-83C9-492F-8486-F3E6C1DD9F5A", "versionEndExcluding": "2022.1.2", "versionStartIncluding": "2022", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", "matchCriteriaId": "86CF88E0-A49D-4528-8135-6BE5C9E5DD7C", "versionEndExcluding": "2019.1.4", "versionStartIncluding": "2019", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", "matchCriteriaId": "E716111F-273B-48DF-ADEA-44BADE5E7FEB", "versionEndExcluding": "2020.1.5", "versionStartIncluding": "2020", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", "matchCriteriaId": "71FA0271-BE55-48AD-B88D-34645684E9DE", "versionEndExcluding": "2021.1.2", "versionStartIncluding": "2021", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", "matchCriteriaId": "6DD91E39-A3D8-4806-A778-608FD6C29BB2", "versionEndExcluding": "2022.1.2", "versionStartIncluding": "2022", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", "matchCriteriaId": "77A1562A-07B8-4130-B319-1BE2800D8771", "versionEndExcluding": "2019.1.4", "versionStartIncluding": "2019", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E59ACB5-8745-46A8-889E-005DEA38925B", "versionEndExcluding": "2020.1.5", "versionStartIncluding": "2020", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", "matchCriteriaId": "CFFE146F-4AB2-45B2-9F87-52DD8DC26B85", "versionEndExcluding": "2021.1.2", "versionStartIncluding": "2021", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", "matchCriteriaId": "D01E3771-86FD-483D-BCCB-1B1CDD4C482F", "versionEndExcluding": "2022.1.2", "versionStartIncluding": "2022", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", "matchCriteriaId": "230F8974-9613-4B58-8621-67CCE81E208C", "versionEndExcluding": "2019.1.4", "versionStartIncluding": "2019", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9184783-2476-4ED0-9F05-CA2AC68446B3", "versionEndExcluding": "2020.1.5", "versionStartIncluding": "2020", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", "matchCriteriaId": "752B8F1C-54E3-4985-97A4-86FBF13E6BFD", "versionEndExcluding": "2021.1.2", "versionStartIncluding": "2021", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", "matchCriteriaId": "120326C3-E212-4341-A25D-BC3DD50CF228", "versionEndExcluding": "2022.1.2", "versionStartIncluding": "2022", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF0FCE36-8A0F-4CDB-86B3-D8F7875511FD", "versionEndExcluding": "2019.1.4", "versionStartIncluding": "2019", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", "matchCriteriaId": "5BAA6D71-2B11-4490-A1C4-652347582EF6", "versionEndExcluding": "2020.1.5", "versionStartIncluding": "2020", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F78C528-605C-46F3-8CF0-828B682745B3", "versionEndExcluding": "2021.1.2", "versionStartIncluding": "2021", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", "matchCriteriaId": "B117299A-C5FE-419F-9C1C-DF58A2772055", "versionEndExcluding": "2022.1.2", "versionStartIncluding": "2022", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", "matchCriteriaId": "1075AC6C-C9E1-45EA-B371-B06235C6AA86", "versionEndExcluding": "2019.1.4", "versionStartIncluding": "2019", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", "matchCriteriaId": "CBC04C9D-9E69-4CB7-BF7A-D3B8C0670114", "versionEndExcluding": "2020.1.5", "versionStartIncluding": "2020", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E140DC9-7000-48ED-A5C7-B23023DFB199", "versionEndExcluding": "2021.1.2", "versionStartIncluding": "2021", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC178212-E440-46E9-9F00-60A5516D4D72", "versionEndExcluding": "2022.1.2", "versionStartIncluding": "2022", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", "matchCriteriaId": "C71A1AD7-4651-4FA9-9114-023E07DCB285", "versionEndExcluding": "2019.1.4", "versionStartIncluding": "2019", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", "matchCriteriaId": "C2A2E5FC-9717-47C1-A223-F90DC572DAB0", "versionEndExcluding": "2020.1.5", "versionStartIncluding": "2020", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", "matchCriteriaId": "984491F0-8303-4C6C-B884-00C032D797DD", "versionEndExcluding": "2021.1.2", "versionStartIncluding": "2021", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", "matchCriteriaId": "7ED0DB1D-6F37-4C1B-B55E-42F3A4E34299", "versionEndExcluding": "2022.1.2", "versionStartIncluding": "2022", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*", "matchCriteriaId": "6929C4B1-27A0-4595-ABB6-48BB7F03A3EB", "versionEndExcluding": "2019.1.4", "versionStartIncluding": "2019", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE4E278B-360E-4F00-8479-9531EB417269", "versionEndExcluding": "2020.1.5", "versionStartIncluding": "2020", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*", "matchCriteriaId": "577AEF72-23CC-45D9-B391-8A3D79DAB5BA", "versionEndExcluding": "2021.1.2", "versionStartIncluding": "2021", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*", "matchCriteriaId": "82C21398-6A86-4E56-A98E-E80FFCC6732E", "versionEndExcluding": "2022.1.2", "versionStartIncluding": "2022", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*", "matchCriteriaId": "7AAFCE8D-C6FA-4179-BBD8-134F91261FEC", "versionEndExcluding": "2022.2", "versionStartIncluding": "2022", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated boundaries when parsing the DWF files. Exploitation of this vulnerability may lead to code execution."}, {"lang": "es", "value": "Un archivo DWF maliciosamente dise\u00f1ado en Autodesk AutoCAD versiones 2022, 2021, 2020, 2019 y Autodesk Navisworks versi\u00f3n 2022 puede usarse para escribir m\u00e1s all\u00e1 de los l\u00edmites asignados cuando son analizados los archivos DWF. Una explotaci\u00f3n de esta vulnerabilidad puede conllevar a una ejecuci\u00f3n de c\u00f3digo"}], "id": "CVE-2022-25790", "lastModified": "2024-11-21T06:53:00.433", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-11T20:15:20.503", "references": [{"source": "psirt@autodesk.com", "tags": ["Vendor Advisory"], "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005"}], "sourceIdentifier": "psirt@autodesk.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}