CVE-2022-27527

Published: Apr 19, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files. It was fixed in PDFTron earlier than 9.0.7 version in Autodesk Navisworks 2022, and 2020.

Affected (4)

Products: Autodesk: Navisworks

Autodesk

1 product

Navisworks

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Autodesk Navisworks	From 2019 to 2019.6
Autodesk Navisworks	From 2020 to 2020.4
Autodesk Navisworks	From 2021 to 2021.3
Autodesk Navisworks	From 2022 to 2022.2

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010

Source: psirt@autodesk.com

Vendor Advisory

https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.