What is CVE-2022-25793?

CVE-2022-25793 is a stack-based buffer overflow vulnerability in Autodesk 3ds Max 2022, 2021, and 2020 that may lead to code execution through the lack of proper validation of the length of user-supplied data.

What software versions are affected by CVE-2022-25793?

CVE-2022-25793 affects Autodesk 3ds Max versions 2022.3.3 to 2022, 2021.3.10 to 2021, and 2020.3.6 to 2020.

What is the severity of CVE-2022-25793?

CVE-2022-25793 has a severity rating of 7.8 (high).

How can CVE-2022-25793 be exploited?

CVE-2022-25793 can be exploited by providing user-supplied data with a length that exceeds the bounds of a fixed-length stack-based buffer when parsing ActionScript Byte Code files.

Is there a fix available for CVE-2022-25793?

Yes, Autodesk has released security updates to address the vulnerability. It is recommended to update to the latest version of Autodesk 3ds Max.

Vulnerability/
CVE-2022-25793

high

7.8

CWE

1284 119

10/8/2022

8/8/2023

CVE-2022-25793: Buffer Overflow

First published: Wed Aug 10 2022(Updated: )

A Stack-based Buffer Overflow Vulnerability in Autodesk 3ds Max 2022, 2021, and 2020 may lead to code execution through the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer when parsing ActionScript Byte Code files. This vulnerability may allow arbitrary code execution on affected installations of Autodesk 3ds Max.

Credit: psirt@autodesk.com psirt@autodesk.com

Affected Software	Affected Version	How to fix
Autodesk 3ds Max	>=2020<2020.3.6
Autodesk 3ds Max	>=2021<2021.3.10
Autodesk 3ds Max	>=2022<=2022.3.3

Never miss a vulnerability like this again

Reference Links

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0006

Frequently Asked Questions

What is CVE-2022-25793?
CVE-2022-25793 is a stack-based buffer overflow vulnerability in Autodesk 3ds Max 2022, 2021, and 2020 that may lead to code execution through the lack of proper validation of the length of user-supplied data.
What software versions are affected by CVE-2022-25793?
CVE-2022-25793 affects Autodesk 3ds Max versions 2022.3.3 to 2022, 2021.3.10 to 2021, and 2020.3.6 to 2020.
What is the severity of CVE-2022-25793?
CVE-2022-25793 has a severity rating of 7.8 (high).
How can CVE-2022-25793 be exploited?
CVE-2022-25793 can be exploited by providing user-supplied data with a length that exceeds the bounds of a fixed-length stack-based buffer when parsing ActionScript Byte Code files.
Is there a fix available for CVE-2022-25793?
Yes, Autodesk has released security updates to address the vulnerability. It is recommended to update to the latest version of Autodesk 3ds Max.

collector/nvd-api
collector/nvd-index
agent/weakness
agent/references
agent/severity
agent/author
agent/tags
agent/description
agent/type
agent/event
agent/first-publish-date
agent/softwarecombine
vendor/autodesk
canonical/autodesk 3ds max
version/autodesk 3ds max/2020
version/autodesk 3ds max/2021
version/autodesk 3ds max/2022
version/autodesk 3ds max/2022.3.3

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.