CVE-2022-33885
First published: Mon Oct 03 2022(Updated: )
A maliciously crafted X_B, CATIA, and PDF file when parsed through Autodesk AutoCAD 2023 and 2022 can be used to write beyond the allocated buffer. This vulnerability can lead to arbitrary code execution.
Credit: psirt@autodesk.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Autodesk Autocad | >=2022<2022.1.3 | |
| Autodesk Autocad | >=2023<2023.1.1 | |
| Autodesk Autocad Advance Steel | >=2022<2022.1.3 | |
| Autodesk Autocad Advance Steel | >=2023<2023.1.1 | |
| Autodesk AutoCAD Architecture | >=2022<2022.1.3 | |
| Autodesk AutoCAD Architecture | >=2023<2023.1.1 | |
| Autodesk Autocad Civil 3d | >=2022<2022.1.3 | |
| Autodesk Autocad Civil 3d | >=2023<2023.1.1 | |
| Autodesk AutoCAD Electrical | >=2022<2022.1.3 | |
| Autodesk AutoCAD Electrical | >=2023<2023.1.1 | |
| Autodesk Autocad Lt | >=2022<2022.1.3 | |
| Autodesk Autocad Lt | >=2023<2023.1.1 | |
| Autodesk AutoCAD Map 3D | >=2022<2022.1.3 | |
| Autodesk AutoCAD Map 3D | >=2023<2023.1.1 | |
| Autodesk AutoCAD Mechanical | >=2022<2022.1.3 | |
| Autodesk AutoCAD Mechanical | >=2023<2023.1.1 | |
| Autodesk AutoCAD MEP | >=2022<2022.1.3 | |
| Autodesk AutoCAD MEP | >=2023<2023.1.1 | |
| Autodesk AutoCAD Plant 3D | >=2022<2022.1.3 | |
| Autodesk AutoCAD Plant 3D | >=2023<2023.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-33885?
The severity of CVE-2022-33885 is high with a CVSS score of 7.8.
Which software is affected by CVE-2022-33885?
Autodesk AutoCAD 2023 and 2022, Autodesk AutoCAD Advance Steel, Autodesk AutoCAD Architecture, Autodesk AutoCAD Civil 3D, Autodesk AutoCAD Electrical, Autodesk AutoCAD LT, Autodesk AutoCAD Map 3D, Autodesk AutoCAD Mechanical, Autodesk AutoCAD MEP, and Autodesk AutoCAD Plant 3D are affected by CVE-2022-33885.
What is the vulnerability in CVE-2022-33885?
CVE-2022-33885 is a vulnerability that allows a maliciously crafted X_B, CATIA, and PDF file to be used to write beyond the allocated buffer, potentially leading to arbitrary code execution.
How can CVE-2022-33885 be exploited?
CVE-2022-33885 can be exploited by parsing a malicious X_B, CATIA, or PDF file through vulnerable versions of Autodesk AutoCAD, resulting in the execution of arbitrary code.
Is there a fix for CVE-2022-33885?
Yes, Autodesk has released a security advisory (ADSK-SA-2022-0020) that provides information and updates to address CVE-2022-33885.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/tags
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/autodesk
- canonical/autodesk autocad
- version/autodesk autocad/2022
- version/autodesk autocad/2023
- canonical/autodesk autocad advance steel
- version/autodesk autocad advance steel/2022
- version/autodesk autocad advance steel/2023
- canonical/autodesk autocad architecture
- version/autodesk autocad architecture/2022
- version/autodesk autocad architecture/2023
- canonical/autodesk autocad civil 3d
- version/autodesk autocad civil 3d/2022
- version/autodesk autocad civil 3d/2023
- canonical/autodesk autocad electrical
- version/autodesk autocad electrical/2022
- version/autodesk autocad electrical/2023
- canonical/autodesk autocad lt
- version/autodesk autocad lt/2022
- version/autodesk autocad lt/2023
- canonical/autodesk autocad map 3d
- version/autodesk autocad map 3d/2022
- version/autodesk autocad map 3d/2023
- canonical/autodesk autocad mechanical
- version/autodesk autocad mechanical/2022
- version/autodesk autocad mechanical/2023
- canonical/autodesk autocad mep
- version/autodesk autocad mep/2022
- version/autodesk autocad mep/2023
- canonical/autodesk autocad plant 3d
- version/autodesk autocad plant 3d/2022
- version/autodesk autocad plant 3d/2023