Vulnerability Description
A maliciously crafted MODEL and SLDPRT file can be used to write beyond the allocated buffer while parsing through Autodesk AutoCAD 2023, 2022, 2021, 2020, and Maya 2023 and 2022. The vulnerability exists because the application fails to handle crafted MODEL and SLDPRT files, which causes an unhandled exception. A malicious actor could leverage this vulnerability to execute arbitrary code.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Autodesk | Autocad | >= 2022, < 2022.1.3 |
| Autodesk | Autocad Advance Steel | >= 2022, < 2022.1.3 |
| Autodesk | Autocad Architecture | >= 2022, < 2022.1.3 |
| Autodesk | Autocad Civil 3D | >= 2022, < 2022.1.3 |
| Autodesk | Autocad Electrical | >= 2022, < 2022.1.3 |
| Autodesk | Autocad Lt | >= 2022, < 2022.1.3 |
| Autodesk | Autocad Map 3D | >= 2022, < 2022.1.3 |
| Autodesk | Autocad Mechanical | >= 2022, < 2022.1.3 |
| Autodesk | Autocad Mep | >= 2022, < 2022.1.3 |
| Autodesk | Autocad Plant 3D | >= 2022, < 2022.1.3 |
Related Weaknesses (CWE)
References
- https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020Vendor Advisory
- https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020Vendor Advisory
FAQ
What is CVE-2022-33886?
CVE-2022-33886 is a vulnerability with a CVSS score of 7.8 (HIGH). A maliciously crafted MODEL and SLDPRT file can be used to write beyond the allocated buffer while parsing through Autodesk AutoCAD 2023, 2022, 2021, 2020, and Maya 2023 and 2022. The vulnerability ex...
How severe is CVE-2022-33886?
CVE-2022-33886 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-33886?
Check the references section above for vendor advisories and patch information. Affected products include: Autodesk Autocad, Autodesk Autocad Advance Steel, Autodesk Autocad Architecture, Autodesk Autocad Civil 3D, Autodesk Autocad Electrical.