Memory Corruption Vulnerability in PDFTron by PDFTron Systems Inc.
CVE-2021-40161

7.8HIGH

Key Information:

Vendor: Autodesk
Status: Revit, Navisworks, Autodesk® Advance Steel, Autocad®, Autocad® Architecture, Autocad® Electrical, Autocad® Map 3d, Autocad® Mechanical, Autocad® Mep, Autocad® Plant 3d, Autocad® Lt, Autodesk® Civil 3d, Autocad® Mac, Autocad® Lt For Mac
Vendor: CVE Published:; 23 December 2021

Summary

A memory corruption vulnerability in PDFTron allows attackers to exploit improperly handled DLL files, potentially resulting in unauthorized code execution. This issue affects all versions prior to 9.0.7, making it imperative for users to upgrade to the latest version to ensure system integrity and security. Maliciously crafted DLL files could be used in a targeted attack, emphasizing the urgency for timely patches.

Affected Version(s)

Revit, Navisworks, Autodesk® Advance Steel, AutoCAD®, AutoCAD® Architecture, AutoCAD® Electrical, AutoCAD® Map 3D, AutoCAD® Mechanical, AutoCAD® MEP, AutoCAD® Plant 3D, AutoCAD® LT, Autodesk® Civil 3D, AutoCAD® Mac, AutoCAD® LT for Mac prior to 9.0.7

References

https://www.autodesk.com/trust/security-advisories/adsk-s...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 23, 2021
Vulnerability Reserved
Aug 27, 2021