Description

Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. This vulnerability may be exploited to execute arbitrary code.

Related CPE's

a

autodesk

3ds_max

2

a

autodesk

advance_steel

4

a

autodesk

autocad

5

a

autodesk

autocad_architecture

4

a

autodesk

autocad_civil_3d

4

a

autodesk

autocad_electrical

4

a

autodesk

autocad_lt

5

a

autodesk

autocad_map_3d

4

a

autodesk

autocad_mechanical

4

a

autodesk

autocad_mep

4

a

autodesk

autocad_plant_3d

4

a

autodesk

design_review

2018

-

Vulnerable

a

autodesk

navisworks

3

a

autodesk

revit

3

References

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0011

Vendor Advisory

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0011

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-770

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.8 · High

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2022-06-21T13:15:08.863Z

3 years ago

Last modified

2024-11-21T05:56:22.103Z

1 year ago