Double Free

CVE-2022-25796

High

7.8/10

Summary

A Double Free vulnerability allows remote malicious actors to execute arbitrary code on DWF file in Autodesk Navisworks 2022 within affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-415 - Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References

Advisory Timeline

Published Apr 11, 2022

Double Free

CVE-2022-25796

Summary

CWE-415 - Double Free

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS