CVE-2022-42939

HIGH

AutoCAD - Out-of-bounds Write via Crafted TGA File

Title source: llm

Description

A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

References (1)

Core 1

Core References

Patch, Vendor Advisory

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004

Scores

CVSS v3 7.8

EPSS 0.0022

EPSS Percentile 43.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-787

Status published

Products (48)

autodesk/autocad 2019

autodesk/autocad 2020

autodesk/autocad 2021

autodesk/autocad 2022 (2 CPE variants)

autodesk/autocad 2023

autodesk/autocad_advance_steel 2019

autodesk/autocad_advance_steel 2020

autodesk/autocad_advance_steel 2021

autodesk/autocad_advance_steel 2022

autodesk/autocad_advance_steel 2023

... and 38 more

Published Oct 21, 2022

Tracked Since Feb 18, 2026