Heap-Based Buffer Overflow in Autodesk Design Review
CVE-2021-27034

7.8HIGH

Key Information:

Vendor

Autodesk
Status
Autodesk Design Review
Vendor
CVE Published:
9 July 2021

What is CVE-2021-27034?

A heap-based buffer overflow may occur when parsing PICT, PCX, RCL, or TIFF files in various versions of Autodesk Design Review. This vulnerability can be exploited allowing attackers to execute arbitrary code, potentially compromising the system's integrity and confidentiality.

Affected Version(s)

Autodesk Design Review 2018, 2017, 2013, 2012, 2011

References

https://www.autodesk.com/trust/security-advisories/adsk-s...
x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-21-1127/
x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-21-1132/
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.