CVE-2021-27037

Published: Jul 9, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A maliciously crafted PNG, PDF or DWF file in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by remote malicious actors to execute arbitrary code.

Affected (7)

Products: Autodesk: Design Review

Autodesk

1 product

Design Review

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Autodesk Design Review	Version 2011
Autodesk Design Review	Version 2012
Autodesk Design Review	Version 2013
Autodesk Design Review	Version 2017
Autodesk Design Review	Version 2018
Autodesk Design Review	Version 2018 hotfix2
Autodesk Design Review	Version 2018 hotfix

Related CWEs

CWE-416

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (2)

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004

Source: psirt@autodesk.com

Vendor Advisory

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.