CVE-2022-33888
First published: Mon Oct 03 2022(Updated: )
A malicious crafted Dwg2Spd file when processed through Autodesk DWG application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Credit: psirt@autodesk.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Autodesk Autocad | >=2022<2022.1.3 | |
| Autodesk Autocad | >=2023<2023.1.1 | |
| Autodesk Autocad Advance Steel | >=2022<2022.1.3 | |
| Autodesk Autocad Advance Steel | >=2023<2023.1.1 | |
| Autodesk AutoCAD Architecture | >=2022<2022.1.3 | |
| Autodesk AutoCAD Architecture | >=2023<2023.1.1 | |
| Autodesk Autocad Civil 3d | >=2022<2022.1.3 | |
| Autodesk Autocad Civil 3d | >=2023<2023.1.1 | |
| Autodesk AutoCAD Electrical | >=2022<2022.1.3 | |
| Autodesk AutoCAD Electrical | >=2023<2023.1.1 | |
| Autodesk Autocad Lt | >=2022<2022.1.3 | |
| Autodesk Autocad Lt | >=2023<2023.1.1 | |
| Autodesk AutoCAD Map 3D | >=2022<2022.1.3 | |
| Autodesk AutoCAD Map 3D | >=2023<2023.1.1 | |
| Autodesk AutoCAD Mechanical | >=2022<2022.1.3 | |
| Autodesk AutoCAD Mechanical | >=2023<2023.1.1 | |
| Autodesk AutoCAD MEP | >=2022<2022.1.3 | |
| Autodesk AutoCAD MEP | >=2023<2023.1.1 | |
| Autodesk AutoCAD Plant 3D | >=2022<2022.1.3 | |
| Autodesk AutoCAD Plant 3D | >=2023<2023.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2022-33888.
What is the affected software?
The affected software includes Autodesk Autocad, Autodesk Autocad Advance Steel, Autodesk AutoCAD Architecture, Autodesk Autocad Civil 3d, Autodesk AutoCAD Electrical, Autodesk Autocad Lt, Autodesk AutoCAD Map 3D, Autodesk AutoCAD Mechanical, Autodesk AutoCAD MEP, and Autodesk AutoCAD Plant 3D.
What is the severity of CVE-2022-33888?
The severity of CVE-2022-33888 is high, with a CVSS score of 7.8.
How does CVE-2022-33888 impact the system?
CVE-2022-33888 could lead to memory corruption vulnerability by write access violation, which, in conjunction with other vulnerabilities, could result in code execution in the context of the current process.
How can I fix CVE-2022-33888?
To fix CVE-2022-33888, it is recommended to update the affected Autodesk DWG application to a version between 2022.1.3 and 2023.1.1, depending on the specific software.
- collector/nvd-index
- vendor/autodesk
- canonical/autodesk autocad
- version/autodesk autocad/2022
- version/autodesk autocad/2023
- canonical/autodesk autocad advance steel
- version/autodesk autocad advance steel/2022
- version/autodesk autocad advance steel/2023
- canonical/autodesk autocad architecture
- version/autodesk autocad architecture/2022
- version/autodesk autocad architecture/2023
- canonical/autodesk autocad civil 3d
- version/autodesk autocad civil 3d/2022
- version/autodesk autocad civil 3d/2023
- canonical/autodesk autocad electrical
- version/autodesk autocad electrical/2022
- version/autodesk autocad electrical/2023
- canonical/autodesk autocad lt
- version/autodesk autocad lt/2022
- version/autodesk autocad lt/2023
- canonical/autodesk autocad map 3d
- version/autodesk autocad map 3d/2022
- version/autodesk autocad map 3d/2023
- canonical/autodesk autocad mechanical
- version/autodesk autocad mechanical/2022
- version/autodesk autocad mechanical/2023
- canonical/autodesk autocad mep
- version/autodesk autocad mep/2022
- version/autodesk autocad mep/2023
- canonical/autodesk autocad plant 3d
- version/autodesk autocad plant 3d/2022
- version/autodesk autocad plant 3d/2023