PT-2021-3515 · Autodesk · Autodesk Design Review

Published

2021-01-29

Updated

2022-05-12

CVE-2021-27037

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Autodesk Design Review versions 2011 through 2018

Description The issue is related to the parsing of PNG, PDF, or DWF files, which can lead to a use-after-free condition, allowing remote malicious actors to execute arbitrary code. This can occur when a maliciously crafted file is used to attempt to free an object that has already been freed.

Recommendations For Autodesk Design Review versions 2011 through 2018, update to a version that includes a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

BDU:2021-03564

CVE-2021-27037

ZDI-21-1319

ZDI-21-717

ZDI-21-719

ZDI-21-740

ZDI-22-459

Affected Products

Autodesk Design Review

PT-2021-3515 · Autodesk · Autodesk Design Review

CVE-2021-27037

Weakness Enumeration

Related Identifiers

Affected Products

References · 14