#VU61925 Double Free in Autodesk products - CVE-2022-25796

Vulnerability identifier: #VU61925

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2022-25796

CWE-ID: CWE-415

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Autodesk AutoCAD
Autodesk Navisworks
Advance Steel
AutoCAD Architecture
Autodesk Civil 3D
AutoCAD Electrical
AutoCAD Map 3D
AutoCAD Mechanical
AutoCAD MEP
AutoCAD Plant 3D
AutoCAD LT
AutoCAD Mac
AutoCAD Mac LT

Software vendor:
Autodesk

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the handling of DWF files. A remote attacker can trick a victim to open a specially crafted file, trigger double free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install updates from vendor's website.

• https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005
• https://www.zerodayinitiative.com/advisories/ZDI-22-574/