vulnerability

AutoDesk AutoCAD: CVE-2022-33889: ADSK-SA-2022-0020

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:M/Au:N/C:C/I:C/A:C)	Sep 22, 2022	Jul 22, 2025	May 29, 2026

Severity

CVSS

(AV:L/AC:M/Au:N/C:C/I:C/A:C)

Published

Sep 22, 2022

Added

Jul 22, 2025

Modified

May 29, 2026

Description

A maliciously crafted GIF or JPEG files when parsed through Autodesk Design Review 2018, AutoCAD 2023, 2022, 2021, and 2020 could be used to write beyond the allocated heap buffer. This vulnerability could lead to arbitrary code execution.

Solution

autodesk-autocad-upgrade-latest

References

CVE-2022-33889
https://attackerkb.com/topics/CVE-2022-33889
https://www.cve.org/CVERecord?id=CVE-2022-33889
https://www.autodesk.com/trust/security-advisories/ADSK-SA-2022-0020
https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-36927
CWE-787
EUVD-EUVD-2022-36927

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report