CVE-2022-33890

A maliciously crafted PCT or DWF file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Published: Oct 3, 2022
Updated: Nov 16, 2025
CVE: CVE-2022-33890
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
autodesk / design_review	2018-hotfix	2018-hotfix.x
autodesk / design_review	2018-hotfix2	2018-hotfix2.x
autodesk / design_review	2018-hotfix3	2018-hotfix3.x
autodesk / design_review	2018-hotfix4	2018-hotfix4.x
autodesk / design_review	2018	2018.x
autodesk / design_review	2018-hotfix5	2018-hotfix5.x
autodesk / autocad	2023.0.0	2023.1.1
autodesk / autocad_civil_3d	2023.0.0	2023.1.1
autodesk / autocad_mechanical	2023.0.0	2023.1.1
autodesk / autocad_plant_3d	2023.0.0	2023.1.1
autodesk / autocad_map_3d	2023.0.0	2023.1.1
autodesk / autocad_electrical	2023.0.0	2023.1.1
autodesk / autocad_mep	2023.0.0	2023.1.1
autodesk / autocad_advance_steel	2023.0.0	2023.1.1
autodesk / autocad_architecture	2023.0.0	2023.1.1
autodesk / autocad_lt	2023.0.0	2023.1.1
autodesk / autocad_lt	-	2022.1.3
autodesk / autocad_architecture	-	2022.1.3
autodesk / autocad_advance_steel	-	2022.1.3
autodesk / autocad_mep	-	2022.1.3
autodesk / autocad_electrical	-	2022.1.3
autodesk / autocad_map_3d	-	2022.1.3
autodesk / autocad_plant_3d	-	2022.1.3
autodesk / autocad_mechanical	-	2022.1.3
autodesk / autocad_civil_3d	-	2022.1.3
autodesk / autocad	-	2022.1.3
autodesk / design_review	2018-hotfix6	2018-hotfix6.x

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0021

Vulnerability Database

317,182

CVE-2022-33890

Deep Security Visibility Without the Complexity