CVE-2022-27529

A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 may be used to write beyond the allocated buffer while parsing PICT, BMP, PSD or TIF file. This vulnerability may be exploited to execute arbitrary code.

Published: Apr 18, 2022
Updated: Nov 16, 2025
CVE: CVE-2022-27529
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
autodesk / autocad_architecture	2022	2022.1.2
autodesk / autocad_electrical	2022	2022.1.2
autodesk / autocad_map_3d	2022	2022.1.2
autodesk / autocad_mechanical	2022	2022.1.2
autodesk / autocad_mep	2022	2022.1.2
autodesk / autocad_plant_3d	2022	2022.1.2
autodesk / civil_3d	2022	2022.1.2
autodesk / advance_steel	2022	2022.1.2
autodesk / autocad_architecture	2019	2019.1.4
autodesk / autocad_architecture	2020	2020.1.5
autodesk / autocad_architecture	2021	2021.1.2
autodesk / autocad_electrical	2019	2019.1.4
autodesk / autocad_electrical	2020	2020.1.5
autodesk / autocad_electrical	2021	2021.1.2
autodesk / autocad_map_3d	2021	2021.1.2
autodesk / autocad_map_3d	2020	2020.1.5
autodesk / autocad_map_3d	2019	2019.1.4
autodesk / autocad_mechanical	2019	2019.1.4
autodesk / autocad_mechanical	2020	2020.1.5
autodesk / autocad_mechanical	2021	2021.1.2
autodesk / autocad_mep	2021	2021.1.2
autodesk / autocad_mep	2020	2020.1.5
autodesk / autocad_mep	2019	2019.1.4
autodesk / autocad_plant_3d	2019	2019.1.4
autodesk / autocad_plant_3d	2020	2020.1.5
autodesk / autocad_plant_3d	2021	2021.1.2
autodesk / civil_3d	2019	2019.1.4
autodesk / civil_3d	2020	2020.1.5
autodesk / civil_3d	2021	2021.1.2
autodesk / advance_steel	2019	2019.1.4
autodesk / advance_steel	2020	2020.1.5
autodesk / advance_steel	2021	2021.1.2
autodesk / autocad	2022	2022.2.2
autodesk / autocad_lt	2022	2022.2.2
autodesk / autocad	2019	2019.1.4
autodesk / autocad	2020	2020.1.5
autodesk / autocad	2021	2021.1.2
autodesk / autocad	2022	2022.1.2
autodesk / autocad_lt	2019	2019.1.4
autodesk / autocad_lt	2020	2020.1.5
autodesk / autocad_lt	2021	2021.1.2
autodesk / autocad_lt	2022	2022.1.2

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004

Vulnerability Database

313,825

CVE-2022-27529

Deep Security Visibility Without the Complexity