CVE-2022-41307
First published: Fri Oct 14 2022(Updated: )
A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Credit: psirt@autodesk.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Autodesk Subassembly Composer | =2020 | |
| Autodesk Subassembly Composer | =2021 | |
| Autodesk Subassembly Composer | =2022 | |
| Autodesk Subassembly Composer | =2023 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-41307?
CVE-2022-41307 is a memory corruption vulnerability in Autodesk Subassembly Composer.
How can CVE-2022-41307 be exploited?
CVE-2022-41307 can be exploited by consuming a maliciously crafted PKT file through the SubassemblyComposer.exe application.
What is the severity of CVE-2022-41307?
CVE-2022-41307 has a severity score of 7.8 (high).
Which versions of Autodesk Subassembly Composer are affected by CVE-2022-41307?
Autodesk Subassembly Composer versions 2020, 2021, 2022, and 2023 are affected by CVE-2022-41307.
How can I mitigate CVE-2022-41307?
To mitigate CVE-2022-41307, it is recommended to update to the latest version of Autodesk Subassembly Composer.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/autodesk
- canonical/autodesk subassembly composer
- version/autodesk subassembly composer/2020
- version/autodesk subassembly composer/2021
- version/autodesk subassembly composer/2022
- version/autodesk subassembly composer/2023