vulnerability

AutoDesk AutoCAD: CVE-2022-33889: Applications and services that utilize Image Processing component used by Autodesk products may be impacted by Out-of-bound Read, Heap-based Overflow, Out-of-bound Write, Memory corruption, and Use-after-free vulnerabilities.

Severity: 7
CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: Dec 14, 2022
Added: Jul 22, 2025
Modified: Jul 22, 2025

Description

Maliciously crafted GIF or JPEG files, when parsed through Autodesk Design Review, AutoCAD 2023, 2022, 2021, and 2020, could be used to write beyond the allocated heap buffer. This vulnerability could lead to arbitrary code execution.

Solution

autodesk-autocad-upgrade-latest