CVE-2022-41301

A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
autodeskCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
VendorProductVersion
autodesksubassembly_composer
2020 ≤
𝑥
< 2020.6.3
autodesksubassembly_composer
2021 ≤
𝑥
< 2021.3.2
autodesksubassembly_composer
2022 ≤
𝑥
< 2022.2.1
autodesksubassembly_composer
2023 ≤
𝑥
< 2023.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0018
https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0018