First published: Wed Apr 13 2022
A maliciously crafted PDF file in Autodesk AutoCAD 2022, 2021, 2020, and 2019 can be used to trigger a dereference that writes beyond the allocated buffer while parsing PDF files. The vulnerability exists because the application fails to handle a crafted PDF file, which causes an unhandled exception.
Credit: psirt@autodesk.com
Affected Software | Affected Version | How to fix |
---|---|---|
Autodesk Dwg Trueview | =2021 | |
Autodesk Dwg Trueview | =2022 | |
The vulnerability ID is CVE-2022-25797.
The severity of CVE-2022-25797 is high with a CVSS score of 7.8.
The vulnerability affects Autodesk AutoCAD versions 2022, 2021, 2020, and 2019.
An attacker can use a maliciously crafted PDF file to exploit the vulnerability in Autodesk AutoCAD and potentially execute arbitrary code.
Autodesk has released a security advisory (ADSK-SA-2022-0007) with recommendations and updates to address the vulnerability. It is recommended to apply the necessary patches or updates provided by Autodesk.