nvd-json-data-feeds/CVE-2022/CVE-2022-278xx/CVE-2022-27870.json

{
  "id": "CVE-2022-27870",
  "sourceIdentifier": "psirt@autodesk.com",
  "published": "2022-06-21T15:15:08.820",
  "lastModified": "2022-06-29T17:30:43.073",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "A maliciously crafted TGA file in Autodesk AutoCAD 2023 may be used to write beyond the allocated buffer while parsing TGA file. This vulnerability may be exploited to execute arbitrary code."
    },
    {
      "lang": "es",
      "value": "Un archivo TGA dise\u00f1ado de forma maliciosa en Autodesk AutoCAD 2023 puede usarse para escribir m\u00e1s all\u00e1 del b\u00fafer asignado mientras es analizado el archivo TGA. Esta vulnerabilidad puede ser explotada para ejecutar c\u00f3digo arbitrario"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*",
              "matchCriteriaId": "2241C287-9396-4AD8-B93C-3596394AB2D3"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004",
      "source": "psirt@autodesk.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}