CVE-2022-27529

EUVD-2022-32030
A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 may be used to write beyond the allocated buffer while parsing PICT, BMP, PSD or TIF file. This vulnerability may be exploited to execute arbitrary code.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
Affected Products (NVD)
VendorProductVersion
autodeskadvance_steel
2019 ≤
𝑥
< 2019.1.4
autodeskadvance_steel
2020 ≤
𝑥
< 2020.1.5
autodeskadvance_steel
2021 ≤
𝑥
< 2021.1.2
autodeskadvance_steel
2022 ≤
𝑥
< 2022.1.2
autodeskautocad
2019 ≤
𝑥
< 2019.1.4
autodeskautocad
2020 ≤
𝑥
< 2020.1.5
autodeskautocad
2021 ≤
𝑥
< 2021.1.2
autodeskautocad
2022 ≤
𝑥
< 2022.1.2
autodeskautocad
2022 ≤
𝑥
< 2022.2.2
autodeskautocad_architecture
2019 ≤
𝑥
< 2019.1.4
autodeskautocad_architecture
2020 ≤
𝑥
< 2020.1.5
autodeskautocad_architecture
2021 ≤
𝑥
< 2021.1.2
autodeskautocad_architecture
2022 ≤
𝑥
< 2022.1.2
autodeskautocad_electrical
2019 ≤
𝑥
< 2019.1.4
autodeskautocad_electrical
2020 ≤
𝑥
< 2020.1.5
autodeskautocad_electrical
2021 ≤
𝑥
< 2021.1.2
autodeskautocad_electrical
2022 ≤
𝑥
< 2022.1.2
autodeskautocad_lt
2019 ≤
𝑥
< 2019.1.4
autodeskautocad_lt
2020 ≤
𝑥
< 2020.1.5
autodeskautocad_lt
2021 ≤
𝑥
< 2021.1.2
autodeskautocad_lt
2022 ≤
𝑥
< 2022.1.2
autodeskautocad_lt
2022 ≤
𝑥
< 2022.2.2
autodeskautocad_map_3d
2019 ≤
𝑥
< 2019.1.4
autodeskautocad_map_3d
2020 ≤
𝑥
< 2020.1.5
autodeskautocad_map_3d
2021 ≤
𝑥
< 2021.1.2
autodeskautocad_map_3d
2022 ≤
𝑥
< 2022.1.2
autodeskautocad_mechanical
2019 ≤
𝑥
< 2019.1.4
autodeskautocad_mechanical
2020 ≤
𝑥
< 2020.1.5
autodeskautocad_mechanical
2021 ≤
𝑥
< 2021.1.2
autodeskautocad_mechanical
2022 ≤
𝑥
< 2022.1.2
autodeskautocad_mep
2019 ≤
𝑥
< 2019.1.4
autodeskautocad_mep
2020 ≤
𝑥
< 2020.1.5
autodeskautocad_mep
2021 ≤
𝑥
< 2021.1.2
autodeskautocad_mep
2022 ≤
𝑥
< 2022.1.2
autodeskautocad_plant_3d
2019 ≤
𝑥
< 2019.1.4
autodeskautocad_plant_3d
2020 ≤
𝑥
< 2020.1.5
autodeskautocad_plant_3d
2021 ≤
𝑥
< 2021.1.2
autodeskautocad_plant_3d
2022 ≤
𝑥
< 2022.1.2
autodeskcivil_3d
2019 ≤
𝑥
< 2019.1.4
autodeskcivil_3d
2020 ≤
𝑥
< 2020.1.5
autodeskcivil_3d
2021 ≤
𝑥
< 2021.1.2
autodeskcivil_3d
2022 ≤
𝑥
< 2022.1.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004
https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004