CVE-2022-33889

A maliciously crafted GIF or JPEG files when parsed through Autodesk Design Review 2018, and AutoCAD 2023 and 2022 could be used to write beyond the allocated heap buffer. This vulnerability could lead to arbitrary code execution.

Published: Oct 3, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-33889
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
autodesk / design_review	2018-hotfix	2018-hotfix.x
autodesk / design_review	2018-hotfix2	2018-hotfix2.x
autodesk / design_review	2018-hotfix3	2018-hotfix3.x
autodesk / design_review	2018-hotfix4	2018-hotfix4.x
autodesk / design_review	2018	2018.x
autodesk / design_review	-	2018
autodesk / design_review	2018-hotfix5	2018-hotfix5.x
autodesk / autocad	2023.0.0	2023.1.1
autodesk / autocad_civil_3d	2023.0.0	2023.1.1
autodesk / autocad_mechanical	2023.0.0	2023.1.1
autodesk / autocad_plant_3d	2023.0.0	2023.1.1
autodesk / autocad_map_3d	2023.0.0	2023.1.1
autodesk / autocad_electrical	2023.0.0	2023.1.1
autodesk / autocad_mep	2023.0.0	2023.1.1
autodesk / autocad_advance_steel	2023.0.0	2023.1.1
autodesk / autocad_architecture	2023.0.0	2023.1.1
autodesk / autocad_lt	2023.0.0	2023.1.1
autodesk / autocad_lt	-	2022.1.3
autodesk / autocad_architecture	-	2022.1.3
autodesk / autocad_advance_steel	-	2022.1.3
autodesk / autocad_mep	-	2022.1.3
autodesk / autocad_electrical	-	2022.1.3
autodesk / autocad_map_3d	-	2022.1.3
autodesk / autocad_plant_3d	-	2022.1.3
autodesk / autocad_mechanical	-	2022.1.3
autodesk / autocad_civil_3d	-	2022.1.3
autodesk / autocad	-	2022.1.3
autodesk / design_review	2018-hotfix6	2018-hotfix6.x

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0021

Vulnerability Database

300,445

CVE-2022-33889

Deep Security Visibility Without the Complexity