Dwg Trueview
CVE-2022-27523
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
A buffer over-read can be exploited in Autodesk TrueView 2022 may lead to an exposure of sensitive information or a crash through using a maliciously crafted DWG file as an Input. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
AnalysisAI
A buffer over-read can be exploited in Autodesk TrueView 2022 may lead to an exposure of sensitive information or a crash through using a maliciously crafted DWG file as an Input. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. A buffer over-read can be exploited in Autodesk TrueView 2022 may lead to an exposure of sensitive information or a crash through using a maliciously crafted DWG file as an Input. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. Affected products include: Autodesk Dwg Trueview.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.
More in Dwg Trueview
View allA maliciously crafted JPG file, when linked or imported into certain Autodesk applications, can force a Heap-Based Overf
A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vuln
A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force a Memory Corruption vulnerab
A maliciously crafted DWG file, when parsed in acdb25.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vul
A maliciously crafted DWG file when parsed in ACAD.exe through Autodesk AutoCAD can force a Memory Corruption vulnerabil
A maliciously crafted DXF file when parsed in acdb25.dll through Autodesk AutoCAD can force to access a variable prior t
A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, can force a Sta
A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, may force an Ou
A maliciously crafted DWF file, when parsed in AdDwfPdk.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write v
A maliciously crafted DWG file when parsed through Autodesk DWG TrueView can be used to cause a Stack-based Overflow. Ra
DWG TrueViewTM 2023 version has a DLL Search Order Hijacking vulnerability. Rated high severity (CVSS 7.8), this vulnera
A maliciously crafted PDF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to dereference for a write beyond
Same weakness CWE-125 – Out-of-bounds Read
View allShare
External POC / Exploit Code
Leaving vuln.today