PT-2021-3517 · Autodesk · Autodesk Design Review
Mat Powell · Published 2021-01-29 · Updated 2021-12-08 · CVE-2021-27034
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Autodesk Design Review versions 2011 through 2018
Description
A heap-based buffer overflow can occur while parsing certain file formats, including PICT, PCX, RCL, or TIFF files. The vulnerability lies in the implementation of the parser for PICT files and allows a remote attacker to execute arbitrary code.
Recommendations
For Autodesk Design Review versions 2011 through 2018, update to a version that includes a fix for the heap-based buffer overflow vulnerability.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Heap Based Buffer Overflow
Memory Corruption
Related Identifiers
Affected Products
Autodesk Design Review