CVE-2022-27872

HIGH

Autodesk Navisworks - Improper Exception Handling

Title source: rule

Description

A maliciously crafted PDF file may be used to dereference a pointer for read or write operation while parsing PDF files in Autodesk Navisworks 2022. The vulnerability exists because the application fails to handle a crafted PDF file, which causes an unhandled exception. An attacker can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code.

References (1)

[Vendor Advisory] https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0011

Scores

CVSS v3 7.8

EPSS 0.0042

EPSS Percentile 61.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-755

Status published

Affected Products (1)

autodesk/navisworks

Timeline

Published Jun 21, 2022

Tracked Since Feb 18, 2026