V
Scaner-VS
ENRU
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
Back to catalog
CVE-2022-25789
CVE
High

A maliciously crafted DWF, 3DS and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerabilit…

CVSS
7.8
High
EPSS
0.01
p70
Published
2022-01-01
Updated
2022-01-01
Description

A maliciously crafted DWF, 3DS and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.

Tags · CWE
LPE
CWE-416
Affected products
Advance_steel 2019–2019.1.4Advance_steel 2020–2020.1.5Advance_steel 2021–2021.1.2Advance_steel 2022–2022.1.2Autocad 2019–2019.1.4Autocad 2020–2020.1.5Autocad 2021–2021.1.2Autocad 2022–2022.1.2Autocad 2022–2022.2.2Autocad_architecture 2019–2019.1.4Autocad_architecture 2020–2020.1.5Autocad_architecture 2021–2021.1.2Autocad_architecture 2022–2022.1.2Autocad_electrical 2019–2019.1.4Autocad_electrical 2020–2020.1.5Autocad_electrical 2021–2021.1.2Autocad_electrical 2022–2022.1.2Autocad_lt 2019–2019.1.4Autocad_lt 2020–2020.1.5Autocad_lt 2021–2021.1.2Autocad_lt 2022–2022.1.2Autocad_map_3d 2019–2019.1.4Autocad_map_3d 2020–2020.1.5Autocad_map_3d 2021–2021.1.2Autocad_map_3d 2022–2022.1.2Autocad_mechanical 2019–2019.1.4Autocad_mechanical 2020–2020.1.5Autocad_mechanical 2021–2021.1.2Autocad_mechanical 2022–2022.1.2Autocad_mep 2019–2019.1.4Autocad_mep 2020–2020.1.5Autocad_mep 2021–2021.1.2Autocad_mep 2022–2022.1.2Autocad_plant_3d 2019–2019.1.4Autocad_plant_3d 2020–2020.1.5Autocad_plant_3d 2021–2021.1.2Autocad_plant_3d 2022–2022.1.2Civil_3d 2019–2019.1.4Civil_3d 2020–2020.1.5Civil_3d 2021–2021.1.2Civil_3d 2022–2022.1.2
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Timeline
2022-01-01
Published
2022-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: L
Local (L)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: N
None (N)
User Interaction
UI: R
Required (R)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: H
High (H)
Integrity Impact
I: H
High (H)
Availability Impact
A: H
High (H)
Exploit indicators
EPSS
0.015 · p70
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
Autodesk
AutocadAutocad ElectricalAutocad MechanicalAutocad ArchitectureAutocad MepAutocad Plant 3dAutocad Map 3dAdvance SteelCivil 3dAutocad Lt
ProductVendorStatus
advance_steel*Tracked
autocad*Tracked
autocad_architecture*Tracked
autocad_electrical*Tracked
autocad_lt*Tracked
autocad_map_3d*Tracked
autocad_mechanical*Tracked
autocad_mep*Tracked
autocad_plant_3d*Tracked
civil_3d*Tracked
Source databases
CVE