Description
The details of the vulnerabilities are as follows:
1) CVE-2022-33884 - Parsing a maliciously crafted X_B file can force Autodesk AutoCAD 2023, 2022, 2021, and 2020 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
2) CVE-2022-33885 - A maliciously crafted X_B, CATIA, and PDF file when parsed through Autodesk AutoCAD 2023, 2022, 2021, and 2020 can be used to write beyond the allocated buffer. This vulnerability can lead to arbitrary code execution.
3) CVE-2022-33886 - A maliciously crafted MODEL and SLDPRT file can be used to write beyond the allocated buffer while parsing through Autodesk AutoCAD 2023, 2022, 2021, 2020, and Maya 2023 and 2022. The vulnerability exists because the application fails to handle crafted MODEL and SLDPRT files, which causes an unhandled exception. A malicious actor could leverage this vulnerability to execute arbitrary code.
4) CVE-2022-33887 - A maliciously crafted PDF file, when parsed through Autodesk AutoCAD 2023, causes an unhandled exception. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
5) CVE-2022-33888 - A maliciously crafted Dwg2Spd file, when processed through the Autodesk DWG application, could lead to a memory corruption vulnerability through a write access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process.
6) CVE-2022-42946 - Parsing a maliciously crafted X_B and PRT file can force Autodesk Maya 2023 and 2022 to read beyond allocated buffer. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
7) CVE-2022-42947 - A maliciously crafted X_B file when parsed through Autodesk Maya 2023 and 2022 can be used to write beyond the allocated buffer. This vulnerability can lead to arbitrary code execution.