{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-25797", "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "assignerShortName": "autodesk", "dateUpdated": "2024-08-03T04:49:43.919Z", "dateReserved": "2022-02-22T00:00:00.000Z", "datePublished": "2022-04-13T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601", "shortName": "autodesk", "dateUpdated": "2022-10-07T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "A maliciously crafted PDF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to dereference for a write beyond the allocated buffer while parsing PDF files. The vulnerability exists because the application fails to handle a crafted PDF file, which causes an unhandled exception."}], "affected": [{"vendor": "n/a", "product": "Autodesk Trueview", "versions": [{"version": "2022, 2021, 2020, 2019", "status": "affected"}]}], "references": [{"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Memory Corruption"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:49:43.919Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:autodesk:dwg_trueview:2021:*:*:*:*:*:*:*", "matchCriteriaId": "3283D05E-0433-44D3-818C-9B75A73B779E", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:dwg_trueview:2022:*:*:*:*:*:*:*", "matchCriteriaId": "77C553DF-F08F-46E8-A81F-B58367794159", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A maliciously crafted PDF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to dereference for a write beyond the allocated buffer while parsing PDF files. The vulnerability exists because the application fails to handle a crafted PDF file, which causes an unhandled exception."}, {"lang": "es", "value": "Un archivo PDF malicioso en Autodesk AutoCAD 2022, 2021, 2020, 2019 puede ser utilizado para una escritura m\u00e1s all\u00e1 del buffer asignado mientras se analizan los archivos PDF. La vulnerabilidad existe porque la aplicaci\u00f3n no maneja un archivo PDF malicioso, lo que provoca una excepci\u00f3n no manejada"}], "id": "CVE-2022-25797", "lastModified": "2024-11-21T06:53:01.197", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-13T18:15:14.007", "references": [{"source": "psirt@autodesk.com", "tags": ["Vendor Advisory"], "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"}], "sourceIdentifier": "psirt@autodesk.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}