CVE-2022-25797 - OpenCVE

A maliciously crafted PDF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to dereference for a write beyond the allocated buffer while parsing PDF files. The vulnerability exists because the application fails to handle a crafted PDF file, which causes an unhandled exception.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Autodesk	Dwg Trueview

Configuration 1 [-]

OR	cpe:2.3:a:autodesk:dwg_trueview:2021:::::::*
	cpe:2.3:a:autodesk:dwg_trueview:2022:::::::*

References

Link	Resource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: autodesk

Published: 2022-04-13T00:00:00

Updated: 2022-10-07T00:00:00

Reserved: 2022-02-22T00:00:00

Link: CVE-2022-25797

JSON object: View

NVD Information

Status : Modified

Published: 2022-04-13T18:15:14.007

Modified: 2022-10-07T18:15:17.670

Link: CVE-2022-25797

JSON object: View

Redhat Information

No data.

CWE

CWE-787

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:autodesk:dwg_trueview:2021:*:*:*:*:*:*:*", "matchCriteriaId": "3283D05E-0433-44D3-818C-9B75A73B779E", "vulnerable": true}, {"criteria": "cpe:2.3:a:autodesk:dwg_trueview:2022:*:*:*:*:*:*:*", "matchCriteriaId": "77C553DF-F08F-46E8-A81F-B58367794159", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A maliciously crafted PDF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to dereference for a write beyond the allocated buffer while parsing PDF files. The vulnerability exists because the application fails to handle a crafted PDF file, which causes an unhandled exception."}, {"lang": "es", "value": "Un archivo PDF malicioso en Autodesk AutoCAD 2022, 2021, 2020, 2019 puede ser utilizado para una escritura m\u00e1s all\u00e1 del buffer asignado mientras se analizan los archivos PDF. La vulnerabilidad existe porque la aplicaci\u00f3n no maneja un archivo PDF malicioso, lo que provoca una excepci\u00f3n no manejada"}], "id": "CVE-2022-25797", "lastModified": "2022-10-07T18:15:17.670", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-13T18:15:14.007", "references": [{"source": "psirt@autodesk.com", "tags": ["Vendor Advisory"], "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"}], "sourceIdentifier": "psirt@autodesk.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}