CVE-2022-33886
First published: Mon Oct 03 2022(Updated: )
A maliciously crafted MODEL and SLDPRT file can be used to write beyond the allocated buffer while parsing through Autodesk AutoCAD 2023, 2022, 2021, 2020, and Maya 2023 and 2022. The vulnerability exists because the application fails to handle crafted MODEL and SLDPRT files, which causes an unhandled exception. A malicious actor could leverage this vulnerability to execute arbitrary code.
Credit: psirt@autodesk.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Autodesk Autocad | >=2022<2022.1.3 | |
| Autodesk Autocad | >=2023<2023.1.1 | |
| Autodesk Autocad Advance Steel | >=2022<2022.1.3 | |
| Autodesk Autocad Advance Steel | >=2023<2023.1.1 | |
| Autodesk AutoCAD Architecture | >=2022<2022.1.3 | |
| Autodesk AutoCAD Architecture | >=2023<2023.1.1 | |
| Autodesk Autocad Civil 3d | >=2022<2022.1.3 | |
| Autodesk Autocad Civil 3d | >=2023<2023.1.1 | |
| Autodesk AutoCAD Electrical | >=2022<2022.1.3 | |
| Autodesk AutoCAD Electrical | >=2023<2023.1.1 | |
| Autodesk Autocad Lt | >=2022<2022.1.3 | |
| Autodesk Autocad Lt | >=2023<2023.1.1 | |
| Autodesk AutoCAD Map 3D | >=2022<2022.1.3 | |
| Autodesk AutoCAD Map 3D | >=2023<2023.1.1 | |
| Autodesk AutoCAD Mechanical | >=2022<2022.1.3 | |
| Autodesk AutoCAD Mechanical | >=2023<2023.1.1 | |
| Autodesk AutoCAD MEP | >=2022<2022.1.3 | |
| Autodesk AutoCAD MEP | >=2023<2023.1.1 | |
| Autodesk AutoCAD Plant 3D | >=2022<2022.1.3 | |
| Autodesk AutoCAD Plant 3D | >=2023<2023.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-33886?
The severity of CVE-2022-33886 is high.
Which software versions are affected by CVE-2022-33886?
Autodesk AutoCAD 2023, 2022, 2021, 2020, and Maya 2023 and 2022 are affected by CVE-2022-33886.
How can CVE-2022-33886 be exploited?
CVE-2022-33886 can be exploited by using a maliciously crafted MODEL and SLDPRT file to write beyond the allocated buffer.
What is the CWE value for CVE-2022-33886?
The CWE value for CVE-2022-33886 is 755.
Where can I find more information about CVE-2022-33886?
More information about CVE-2022-33886 can be found at the following link: https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020
- collector/nvd-index
- agent/weakness
- agent/description
- agent/event
- agent/author
- agent/references
- agent/severity
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/autodesk
- canonical/autodesk autocad
- version/autodesk autocad/2022
- version/autodesk autocad/2023
- canonical/autodesk autocad advance steel
- version/autodesk autocad advance steel/2022
- version/autodesk autocad advance steel/2023
- canonical/autodesk autocad architecture
- version/autodesk autocad architecture/2022
- version/autodesk autocad architecture/2023
- canonical/autodesk autocad civil 3d
- version/autodesk autocad civil 3d/2022
- version/autodesk autocad civil 3d/2023
- canonical/autodesk autocad electrical
- version/autodesk autocad electrical/2022
- version/autodesk autocad electrical/2023
- canonical/autodesk autocad lt
- version/autodesk autocad lt/2022
- version/autodesk autocad lt/2023
- canonical/autodesk autocad map 3d
- version/autodesk autocad map 3d/2022
- version/autodesk autocad map 3d/2023
- canonical/autodesk autocad mechanical
- version/autodesk autocad mechanical/2022
- version/autodesk autocad mechanical/2023
- canonical/autodesk autocad mep
- version/autodesk autocad mep/2022
- version/autodesk autocad mep/2023
- canonical/autodesk autocad plant 3d
- version/autodesk autocad plant 3d/2022
- version/autodesk autocad plant 3d/2023