1. Home
  2. CVE Database
  3. CVE-2022-27529
HIGH · 7.8

CVE-2022-27529

A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 may be used to write beyond the allocated buffer while parsing PICT, BMP, PSD or TIF file. This vulnerabilit...

Vulnerability Description

A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 may be used to write beyond the allocated buffer while parsing PICT, BMP, PSD or TIF file. This vulnerability may be exploited to execute arbitrary code.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
AutodeskAdvance Steel>= 2019, < 2019.1.4
AutodeskAutocad>= 2019, < 2019.1.4
AutodeskAutocad Architecture>= 2019, < 2019.1.4
AutodeskAutocad Electrical>= 2019, < 2019.1.4
AutodeskAutocad Lt>= 2019, < 2019.1.4
AutodeskAutocad Map 3D>= 2019, < 2019.1.4
AutodeskAutocad Mechanical>= 2019, < 2019.1.4
AutodeskAutocad Mep>= 2019, < 2019.1.4
AutodeskAutocad Plant 3D>= 2019, < 2019.1.4
AutodeskCivil 3D>= 2019, < 2019.1.4

Related Weaknesses (CWE)

CWE-787

References

FAQ

What is CVE-2022-27529?

CVE-2022-27529 is a vulnerability with a CVSS score of 7.8 (HIGH). A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 may be used to write beyond the allocated buffer while parsing PICT, BMP, PSD or TIF file. This vulnerabilit...

How severe is CVE-2022-27529?

CVE-2022-27529 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-27529?

Check the references section above for vendor advisories and patch information. Affected products include: Autodesk Advance Steel, Autodesk Autocad, Autodesk Autocad Architecture, Autodesk Autocad Electrical, Autodesk Autocad Lt.