CVE-2022-42941

HIGH | CVSS 7.8/10 | EPSS 0.37%

CVE-2022-42941 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by read access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process. EPSS estimates a 0.37% chance of exploitation in the next 30 days.

Description

A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by read access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process.

Metrics

CVSS 3.1
7.8/10

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Probability
0.37%

29.3th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor | Product | Versions
Autodesk | Autocad | 2019
Autodesk | Autocad | 2020
Autodesk | Autocad | 2021
Autodesk | Autocad | 2022
Autodesk | Autocad | 2023
Autodesk | Autocad Advance Steel | 2019
Autodesk | Autocad Advance Steel | 2020
Autodesk | Autocad Advance Steel | 2021
Autodesk | Autocad Advance Steel | 2022
Autodesk | Autocad Advance Steel | 2023
Autodesk | Autocad Architecture | 2019
Autodesk | Autocad Architecture | 2020
Autodesk | Autocad Architecture | 2021
Autodesk | Autocad Architecture | 2022
Autodesk | Autocad Architecture | 2023
Autodesk | Autocad Civil 3d | 2019
Autodesk | Autocad Civil 3d | 2020
Autodesk | Autocad Civil 3d | 2021
Autodesk | Autocad Civil 3d | 2022
Autodesk | Autocad Civil 3d | 2023
Autodesk | Autocad Electrical | 2019
Autodesk | Autocad Electrical | 2020
Autodesk | Autocad Electrical | 2021
Autodesk | Autocad Electrical | 2022
Autodesk | Autocad Electrical | 2023
Autodesk | Autocad Lt | 2019
Autodesk | Autocad Lt | 2020
Autodesk | Autocad Lt | 2021
Autodesk | Autocad Lt | 2022
Autodesk | Autocad Lt | 2023
Autodesk | Autocad Map 3d | 2019
Autodesk | Autocad Map 3d | 2020
Autodesk | Autocad Map 3d | 2021
Autodesk | Autocad Map 3d | 2022
Autodesk | Autocad Map 3d | 2023
Autodesk | Autocad Mechanical | 2019
Autodesk | Autocad Mechanical | 2020
Autodesk | Autocad Mechanical | 2021
Autodesk | Autocad Mechanical | 2022
Autodesk | Autocad Mechanical | 2023
Autodesk | Autocad Mep | 2019
Autodesk | Autocad Mep | 2020
Autodesk | Autocad Mep | 2021
Autodesk | Autocad Mep | 2022
Autodesk | Autocad Mep | 2023
Autodesk | Autocad Plant 3d | 2019
Autodesk | Autocad Plant 3d | 2020
Autodesk | Autocad Plant 3d | 2021
Autodesk | Autocad Plant 3d | 2022
Autodesk | Autocad Plant 3d | 2023

Showing 50 of 51 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2022-42941?
A maliciously crafted .dwf or .pct file, when consumed through the DesignReview.exe application, could lead to a memory corruption vulnerability by read access violation. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process.
How severe is CVE-2022-42941?
CVE-2022-42941 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.37% probability of exploitation in the next 30 days.
How do I fix CVE-2022-42941?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST