CVE-2022-33884
High
Published: 03 October 2022
Modified: 21 November 2024
KEV Added: —
Patch: —
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0076 (73.8th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)
Summary
CVE-2022-33884 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Autodesk AutoCAD. Its CVSS base score is 7.5 (High).
Operationally, it ranks in the top 26.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-36922
Vulnerability details
Parsing a maliciously crafted X_B file can force Autodesk AutoCAD 2023 and 2022 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
- CWE(s): CWE-125 (Out-of-bounds Read)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
- autodesk autocad: 2020 — 2020.1.6 · 2021 — 2021.1.3 · 2022 — 2022.1.3
- autodesk autocad advance steel: 2020 — 2020.1.6 · 2021 — 2021.1.3 · 2022 — 2022.1.3
- autodesk autocad architecture: 2020 — 2020.1.6 · 2021 — 2021.1.3 · 2022 — 2022.1.3
- autodesk autocad civil 3d: 2020 — 2020.1.6 · 2021 — 2021.1.3 · 2022 — 2022.1.3
- autodesk autocad electrical: 2020 — 2020.1.6 · 2021 — 2021.1.3 · 2022 — 2022.1.3
- autodesk autocad lt: 2020 — 2020.1.6 · 2021 — 2021.1.3 · 2022 — 2022.1.3
- autodesk autocad map 3d: 2020 — 2020.1.6 · 2021 — 2021.1.3 · 2022 — 2022.1.3
- autodesk autocad mechanical: 2020 — 2020.1.6 · 2021 — 2021.1.3 · 2022 — 2022.1.3
- autodesk autocad mep: 2020 — 2020.1.6 · 2021 — 2021.1.3 · 2022 — 2022.1.3
- autodesk autocad plant 3d: 2020 — 2020.1.6 · 2021 — 2021.1.3 · 2022 — 2022.1.3
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.