Description
The details of the vulnerabilities are as follows:
1) CVE-2022-25789 - A maliciously crafted DWF, 3DS and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.
2) CVE-2022-25790 - A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022, 2020, and 2019 can be used to write beyond the allocated boundaries when parsing the DWF files. Exploitation of this vulnerability may lead to code execution.
3) CVE-2022-25791 - A Memory Corruption vulnerability for DWF and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022, 2020, and 2019 may lead to code execution through maliciously crafted DLL files.
4) CVE-2022-25792 - A maliciously crafted DXF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. This vulnerability can be exploited to execute arbitrary code.
5) CVE-2022-25796 - A Double Free vulnerability allows remote malicious actors to execute arbitrary code on DWF file in Autodesk Navisworks 2022 within affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
6) CVE-2022-27528 - A maliciously crafted DWFX and SKP files in Autodesk Navisworks 2023, 2022, 2021, 2020, and 2019 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution
7) CVE-2022-27868 - A maliciously crafted CAT file in Autodesk AutoCAD 2023 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.