What is the vulnerability ID?

The vulnerability ID is CVE-2022-27529.

What software versions are affected?

Autodesk AutoCAD versions 2019 to 2022, Autodesk Advance Steel versions 2019 to 2022, Autodesk AutoCAD Architecture versions 2019 to 2022, Autodesk AutoCAD Electrical versions 2019 to 2022, Autodesk AutoCAD LT versions 2019 to 2022, Autodesk AutoCAD Map 3D versions 2019 to 2022, Autodesk AutoCAD Mechanical versions 2019 to 2022, Autodesk AutoCAD MEP versions 2019 to 2022, Autodesk AutoCAD Plant 3D versions 2019 to 2022, and Autodesk Civil 3D versions 2019 to 2022 are affected.

What is the severity of CVE-2022-27529?

The severity of CVE-2022-27529 is high, with a CVSS score of 7.8.

How can this vulnerability be exploited?

This vulnerability can be exploited by using a maliciously crafted PICT, BMP, PSD, or TIF file.

Is there a fix for CVE-2022-27529?

Yes, Autodesk has released a security advisory with a patch to address this vulnerability. Please refer to the Autodesk website for more information.

Vulnerability/
CVE-2022-27529

high

7.8

CWE

787

18/4/2022

3/8/2024

CVE-2022-27529

First published: Mon Apr 18 2022(Updated: )

A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 may be used to write beyond the allocated buffer while parsing PICT, BMP, PSD or TIF file. This vulnerability may be exploited to execute arbitrary code.

Credit: psirt@autodesk.com

Affected Software	Affected Version	How to fix
Autodesk AutoCAD Advance Steel	>=2019<2019.1.4
Autodesk AutoCAD Advance Steel	>=2020<2020.1.5
Autodesk AutoCAD Advance Steel	>=2021<2021.1.2
Autodesk AutoCAD Advance Steel	>=2022<2022.1.2
AutoCAD	>=2019<2019.1.4
AutoCAD	>=2020<2020.1.5
AutoCAD	>=2021<2021.1.2
AutoCAD	>=2022<2022.1.2
Autodesk AutoCAD LT for macOS	>=2022<2022.2.2
AutoCAD	>=2019<2019.1.4
AutoCAD	>=2020<2020.1.5
AutoCAD	>=2021<2021.1.2
AutoCAD	>=2022<2022.1.2
AutoCAD	>=2019<2019.1.4
AutoCAD	>=2020<2020.1.5
AutoCAD	>=2021<2021.1.2
AutoCAD	>=2022<2022.1.2
AutoCAD LT	>=2019<2019.1.4
AutoCAD LT	>=2020<2020.1.5
AutoCAD LT	>=2021<2021.1.2
AutoCAD LT	>=2022<2022.1.2
Autodesk AutoCAD LT for macOS	>=2022<2022.2.2
AutoCAD	>=2019<2019.1.4
AutoCAD	>=2020<2020.1.5
AutoCAD	>=2021<2021.1.2
AutoCAD	>=2022<2022.1.2
AutoCAD	>=2019<2019.1.4
AutoCAD	>=2020<2020.1.5
AutoCAD	>=2021<2021.1.2
AutoCAD	>=2022<2022.1.2
AutoCAD	>=2019<2019.1.4
AutoCAD	>=2020<2020.1.5
AutoCAD	>=2021<2021.1.2
AutoCAD	>=2022<2022.1.2
AutoCAD	>=2019<2019.1.4
AutoCAD	>=2020<2020.1.5
AutoCAD	>=2021<2021.1.2
AutoCAD	>=2022<2022.1.2
Autodesk AutoCAD Civil 3D	>=2019<2019.1.4
Autodesk AutoCAD Civil 3D	>=2020<2020.1.5
Autodesk AutoCAD Civil 3D	>=2021<2021.1.2
Autodesk AutoCAD Civil 3D	>=2022<2022.1.2

Never miss a vulnerability like this again

Reference Links

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004

Frequently Asked Questions

What is the vulnerability ID?
The vulnerability ID is CVE-2022-27529.
What software versions are affected?
Autodesk AutoCAD versions 2019 to 2022, Autodesk Advance Steel versions 2019 to 2022, Autodesk AutoCAD Architecture versions 2019 to 2022, Autodesk AutoCAD Electrical versions 2019 to 2022, Autodesk AutoCAD LT versions 2019 to 2022, Autodesk AutoCAD Map 3D versions 2019 to 2022, Autodesk AutoCAD Mechanical versions 2019 to 2022, Autodesk AutoCAD MEP versions 2019 to 2022, Autodesk AutoCAD Plant 3D versions 2019 to 2022, and Autodesk Civil 3D versions 2019 to 2022 are affected.
What is the severity of CVE-2022-27529?
The severity of CVE-2022-27529 is high, with a CVSS score of 7.8.
How can this vulnerability be exploited?
This vulnerability can be exploited by using a maliciously crafted PICT, BMP, PSD, or TIF file.
Is there a fix for CVE-2022-27529?
Yes, Autodesk has released a security advisory with a patch to address this vulnerability. Please refer to the Autodesk website for more information.

agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/author
agent/last-modified-date
agent/references
agent/weakness
agent/description
agent/event
agent/first-publish-date
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/autodesk
canonical/autodesk autocad advance steel
version/autodesk autocad advance steel/2019
version/autodesk autocad advance steel/2020
version/autodesk autocad advance steel/2021
version/autodesk autocad advance steel/2022
canonical/autocad
version/autocad/2019
version/autocad/2020
version/autocad/2021
version/autocad/2022
canonical/autodesk autocad lt for macos
version/autodesk autocad lt for macos/2022
canonical/autocad lt
version/autocad lt/2019
version/autocad lt/2020
version/autocad lt/2021
version/autocad lt/2022
canonical/autodesk autocad civil 3d
version/autodesk autocad civil 3d/2019
version/autodesk autocad civil 3d/2020
version/autodesk autocad civil 3d/2021
version/autodesk autocad civil 3d/2022