CVE-2022-27529

HIGH

Autodesk AutoCAD and Advance Steel - Out-of-bounds Write via Malicious PICT, BMP, PSD or TIF File

Title source: llm

Description

A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 may be used to write beyond the allocated buffer while parsing PICT, BMP, PSD or TIF file. This vulnerability may be exploited to execute arbitrary code.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004

Scores

CVSS v3 7.8

EPSS 0.0037

EPSS Percentile 58.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (12)

autodesk/advance_steel 2019 - 2019.1.4

autodesk/autocad 2019 - 2019.1.4

autodesk/autocad 2022 - 2022.2.2

autodesk/autocad_architecture 2019 - 2019.1.4

autodesk/autocad_electrical 2019 - 2019.1.4

autodesk/autocad_lt 2019 - 2019.1.4

autodesk/autocad_lt 2022 - 2022.2.2

autodesk/autocad_map_3d 2019 - 2019.1.4

autodesk/autocad_mechanical 2019 - 2019.1.4

autodesk/autocad_mep 2019 - 2019.1.4

... and 2 more

Published Apr 18, 2022

Tracked Since Feb 18, 2026