Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-42935

A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Published

2022-10-21T16:15:11.697

Last Modified

2025-05-07T20:15:22.523

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Primary
CWE-787
Type: Secondary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	autodesk	autocad	2019	Yes
Application	autodesk	autocad	2020	Yes
Application	autodesk	autocad	2021	Yes
Application	autodesk	autocad	2022	Yes
Application	autodesk	autocad	2022	Yes
Application	autodesk	autocad	2023	Yes
Application	autodesk	autocad_advance_steel	2019	Yes
Application	autodesk	autocad_advance_steel	2020	Yes
Application	autodesk	autocad_advance_steel	2021	Yes
Application	autodesk	autocad_advance_steel	2022	Yes
Application	autodesk	autocad_advance_steel	2023	Yes
Application	autodesk	autocad_architecture	2019	Yes
Application	autodesk	autocad_architecture	2020	Yes
Application	autodesk	autocad_architecture	2021	Yes
Application	autodesk	autocad_architecture	2022	Yes
Application	autodesk	autocad_architecture	2023	Yes
Application	autodesk	autocad_civil_3d	2019	Yes
Application	autodesk	autocad_civil_3d	2020	Yes
Application	autodesk	autocad_civil_3d	2021	Yes
Application	autodesk	autocad_civil_3d	2022	Yes
Application	autodesk	autocad_civil_3d	2023	Yes
Application	autodesk	autocad_electrical	2019	Yes
Application	autodesk	autocad_electrical	2020	Yes
Application	autodesk	autocad_electrical	2021	Yes
Application	autodesk	autocad_electrical	2022	Yes
Application	autodesk	autocad_electrical	2023	Yes
Application	autodesk	autocad_lt	2019	Yes
Application	autodesk	autocad_lt	2020	Yes
Application	autodesk	autocad_lt	2021	Yes
Application	autodesk	autocad_lt	2022	Yes
Application	autodesk	autocad_lt	2022	Yes
Application	autodesk	autocad_lt	2023	Yes
Application	autodesk	autocad_map_3d	2019	Yes
Application	autodesk	autocad_map_3d	2020	Yes
Application	autodesk	autocad_map_3d	2021	Yes
Application	autodesk	autocad_map_3d	2022	Yes
Application	autodesk	autocad_map_3d	2023	Yes
Application	autodesk	autocad_mechanical	2019	Yes
Application	autodesk	autocad_mechanical	2020	Yes
Application	autodesk	autocad_mechanical	2021	Yes
Application	autodesk	autocad_mechanical	2022	Yes
Application	autodesk	autocad_mechanical	2023	Yes
Application	autodesk	autocad_mep	2019	Yes
Application	autodesk	autocad_mep	2020	Yes
Application	autodesk	autocad_mep	2021	Yes
Application	autodesk	autocad_mep	2022	Yes
Application	autodesk	autocad_mep	2023	Yes
Application	autodesk	autocad_plant_3d	2019	Yes
Application	autodesk	autocad_plant_3d	2020	Yes
Application	autodesk	autocad_plant_3d	2021	Yes
Application	autodesk	autocad_plant_3d	2022	Yes
Application	autodesk	autocad_plant_3d	2023	Yes
Application	autodesk	design_review	2018	Yes

References

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004 Patch, Vendor Advisory ([email protected])
https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)