PT-2021-3514 · Autodesk · Autodesk Design Review

Published: 2021-04-14 · Updated: 2022-05-12 · CVE-2021-27035

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Autodesk Design Review versions 2011 through 2018

Description

The issue is related to the parsing of certain file formats, including TIFF, TIF, PICT, TGA, and DWF, which can lead to reading beyond allocated boundaries in memory. This can potentially allow a remote attacker to execute arbitrary code. The vulnerability can be exploited by using maliciously crafted files in Autodesk Design Review.

Recommendations

For Autodesk Design Review versions 2011 through 2018, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Out of bounds Read

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2021-03563
CVE-2021-27035
ZDI-21-1133
ZDI-21-1134
ZDI-21-1135
ZDI-21-1136
ZDI-21-1137
ZDI-21-1139
ZDI-21-1140
ZDI-21-1315
ZDI-21-1316
ZDI-21-1318
ZDI-21-723
ZDI-21-724
ZDI-21-726
ZDI-21-727
ZDI-21-731
ZDI-21-736
ZDI-21-737
ZDI-21-738
ZDI-21-739
ZDI-21-741
ZDI-21-742
ZDI-21-749
ZDI-21-750
ZDI-21-751
ZDI-21-752
ZDI-21-753
ZDI-21-775
ZDI-21-777
ZDI-22-480
ZDI-22-481

Affected Products

Autodesk Design Review