CVE-2021-27042

Published: Jun 25, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. The vulnerability exists because the application fails to handle a crafted DWG file, which causes an unhandled exception. An attacker can leverage this vulnerability to execute arbitrary code.

Affected (40)

Products: Autodesk: Advance Steel, Autocad, Autocad Architecture, Autocad Electrical, Autocad Lt, Autocad Map 3d, Autocad Mechanical, Autocad Mep, Autocad Plant 3d, Civil 3d

10 products

Configuration A

40 vulnerable

Vulnerable Software	Affected Versions
Autodesk Advance Steel	From 2019 to 2019.1.3
Autodesk Advance Steel	From 2020 to 2020.1.4
Autodesk Advance Steel	From 2021 to 2021.1.1
Autodesk Advance Steel	From 2022 to 2022.0.1
Autodesk Autocad	From 2019 to 2019.1.3
Autodesk Autocad	From 2020 to 2020.1.4
Autodesk Autocad	From 2021 to 2021.1.1
Autodesk Autocad	From 2022 to 2022.0.1
Autodesk Autocad Architecture	From 2019 to 2019.1.3
Autodesk Autocad Architecture	From 2020 to 2020.1.4
Autodesk Autocad Architecture	From 2021 to 2021.1.1
Autodesk Autocad Architecture	From 2022 to 2022.0.1
Autodesk Autocad Electrical	From 2019 to 2019.1.3
Autodesk Autocad Electrical	From 2020 to 2020.1.4
Autodesk Autocad Electrical	From 2021 to 2021.1.1
Autodesk Autocad Electrical	From 2022 to 2022.0.1
Autodesk Autocad Lt	From 2019 to 2019.1.3
Autodesk Autocad Lt	From 2020 to 2020.1.4
Autodesk Autocad Lt	From 2021 to 2021.1.1
Autodesk Autocad Lt	From 2022 to 2022.0.1
Autodesk Autocad Map 3d	From 2019 to 2019.1.3
Autodesk Autocad Map 3d	From 2020 to 2020.1.4
Autodesk Autocad Map 3d	From 2021 to 2021.1.1
Autodesk Autocad Map 3d	From 2022 to 2022.0.1
Autodesk Autocad Mechanical	From 2019 to 2019.1.3
Autodesk Autocad Mechanical	From 2020 to 2020.1.4
Autodesk Autocad Mechanical	From 2021 to 2021.1.1
Autodesk Autocad Mechanical	From 2022 to 2022.0.1
Autodesk Autocad Mep	From 2019 to 2019.1.3
Autodesk Autocad Mep	From 2020 to 2020.1.4
Autodesk Autocad Mep	From 2021 to 2021.1.1
Autodesk Autocad Mep	From 2022 to 2022.0.1
Autodesk Autocad Plant 3d	From 2019 to 2019.1.3
Autodesk Autocad Plant 3d	From 2020 to 2020.1.4
Autodesk Autocad Plant 3d	From 2021 to 2021.1.1
Autodesk Autocad Plant 3d	From 2022 to 2022.0.1
Autodesk Civil 3d	From 2019 to 2019.1.3
Autodesk Civil 3d	From 2020 to 2020.1.4
Autodesk Civil 3d	From 2021 to 2021.1.1
Autodesk Civil 3d	From 2022 to 2022.0.1

Related CWEs

CWE-755

Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

References (2)

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007

Source: psirt@autodesk.com

Vendor Advisory

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.