CVE-2022-25790

Summary

A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated boundaries when parsing the DWF files. Exploitation of this vulnerability may lead to code execution.

Affected Software

VendorProductVersion RangeStatus
n/aAutodesk Navisworks, Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D2022.1, 2022.1.1affected

Weaknesses

  • Out-of-bounds Write

ADP Enrichment

CVE Program Container

Additional References

References