CVE-2022-41301

EUVD-2022-44510
A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
Affected Products (NVD)
VendorProductVersion
autodesksubassembly_composer
2020 ≤
𝑥
< 2020.6.3
autodesksubassembly_composer
2021 ≤
𝑥
< 2021.3.2
autodesksubassembly_composer
2022 ≤
𝑥
< 2022.2.1
autodesksubassembly_composer
2023 ≤
𝑥
< 2023.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0018
https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0018