#VU61953 Buffer overflow in Autodesk Other software


Published: 2022-04-07 | Updated: 2022-04-08

Vulnerability identifier: #VU61953

Vulnerability risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-25795

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
DWG Trueview
Client/Desktop applications / Multimedia software
Autodesk Civil 3D
Client/Desktop applications / Multimedia software
AutoCAD Map 3D
Client/Desktop applications / Multimedia software
AutoCAD Mechanical
Client/Desktop applications / Multimedia software
AutoCAD MEP
Client/Desktop applications / Multimedia software
AutoCAD Plant 3D
Client/Desktop applications / Multimedia software
AutoCAD LT
Client/Desktop applications / Multimedia software
Advance Steel
Client/Desktop applications / Multimedia software
AutoCAD for Mac
Client/Desktop applications / Multimedia software
AutoCAD for Mac LT
Client/Desktop applications / Multimedia software
AutoCAD Electrical
Client/Desktop applications / Multimedia software
AutoCAD Architecture
Client/Desktop applications / Multimedia software
Autodesk AutoCAD
Other software / Other software solutions

Vendor: Autodesk

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and cause a denial of service condition on the target system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

DWG Trueview: 2019 - 2022

Autodesk Civil 3D: 2019 - 2022

AutoCAD Map 3D: 2019 - 2022

AutoCAD Mechanical: 2019 - 2022

AutoCAD MEP: 2019 - 2022

AutoCAD Plant 3D: 2019 - 2022

AutoCAD LT: 2019 - 2022.0

Advance Steel: 2019 - 2022

AutoCAD for Mac: 2020 - 2022

AutoCAD for Mac LT: 2020 - 2022

AutoCAD Electrical: 2019 - 2022

AutoCAD Architecture: 2019 - 2022

Autodesk AutoCAD: 2019, 2020, 2021, 2022


External links
http://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007
http://www.zerodayinitiative.com/advisories/ZDI-22-552/
http://www.zerodayinitiative.com/advisories/ZDI-22-551/
http://www.zerodayinitiative.com/advisories/ZDI-22-550/
http://www.zerodayinitiative.com/advisories/ZDI-22-549/
http://www.zerodayinitiative.com/advisories/ZDI-22-548/
http://www.zerodayinitiative.com/advisories/ZDI-22-556/
http://www.zerodayinitiative.com/advisories/ZDI-22-555/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability