PT-2022-4319 · Pdftron
Published: 2022-05-25 · Updated: 2022-06-29
CVE-2022-27871
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Autodesk AutoCAD product suite versions prior to 9.1.17
Revit versions prior to 9.1.17
Design Review versions prior to 9.1.17
Navisworks versions prior to 9.1.17
Description
The PDFTron component used in Autodesk software contains a buffer overflow that is triggered when parsing PDF files: data is written beyond the allocated buffer, which can be exploited to execute arbitrary code. The vulnerability can be exploited by a remote attacker.
Recommendations
For Autodesk AutoCAD product suite versions prior to 9.1.17, update to version 9.1.17 or later.
For Revit versions prior to 9.1.17, update to version 9.1.17 or later.
For Design Review versions prior to 9.1.17, update to version 9.1.17 or later.
For Navisworks versions prior to 9.1.17, update to version 9.1.17 or later.
As a temporary workaround, consider restricting the use of the PDFTron component until a patch is available. Avoid using the PDFTron component to parse PDF files until the issue is resolved.
Fix
Allocation of Resources Without Limits
Weakness Enumeration
Related Identifiers
Affected Products
Autodesk AutoCAD
Design Review
Navisworks
Pdftron
Revit