PT-2021-3518 · Autodesk · Autodesk Autocad+1

Published: 2021-02-10 · Updated: 2022-05-12 · CVE-2021-27036

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Autodesk Design Review versions 2011 through 2018
Autodesk AutoCAD (affected versions not specified)

Description

The issue is related to a buffer overflow in the parsing of various file formats, including PDF, PCX, PICT, RCL, TIF, BMP, and PSD. This can be exploited by a remote attacker using a maliciously crafted file to execute arbitrary code. The vulnerability is caused by writing beyond the allocated buffer while parsing these files.

Recommendations

For Autodesk Design Review versions 2011 through 2018, update to a version that includes the fix for this issue. For Autodesk AutoCAD, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting the use of file parsing functions for the affected formats until a patch is available. Avoid using the vulnerable file parsing functionality for PCX, PDF, PICT, RCL, TIF, BMP, and PSD files until the issue is resolved.

Memory Corruption


Weakness Enumeration

Related Identifiers

BDU:2021-03567
CVE-2021-27036
ZDI-21-1138
ZDI-21-1141
ZDI-21-1142
ZDI-21-1143
ZDI-21-715
ZDI-21-725
ZDI-21-733
ZDI-21-735
ZDI-21-743
ZDI-21-744
ZDI-21-745
ZDI-21-746
ZDI-22-456
ZDI-22-457
ZDI-22-458
ZDI-22-462
ZDI-22-479
ZDI-22-482

Affected Products

Autodesk Autocad
Autodesk Design Review