What is CVE-2021-27034?

CVE-2021-27034 is a vulnerability that allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review.

How can this vulnerability be exploited?

User interaction is required to exploit this vulnerability, such as visiting a malicious page or opening a malicious file.

Which versions of Autodesk Design Review are affected?

Autodesk Design Review 2011, 2012, 2013, 2017, and 2018 are affected by this vulnerability.

What is the severity of CVE-2021-27034?

The severity of CVE-2021-27034 is high, with a CVSS score of 7.8.

Are there any references for further information?

Yes, you can find more information about CVE-2021-27034 in the Autodesk Security Advisory [link] and the Zero Day Initiative advisories [link1] [link2].

Vulnerability/
CVE-2021-27034

high

7.8

CWE

787 119

9/7/2021

3/8/2024

CVE-2021-27034: Autodesk Design Review DWF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

First published: Fri Jul 09 2021(Updated: )

A heap-based buffer overflow could occur while parsing PICT, PCX, RCL or TIFF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011. This vulnerability can be exploited to execute arbitrary code.

Credit: psirt@autodesk.com

Affected Software	Affected Version	How to fix
Autodesk Design Review	=2011
Autodesk Design Review	=2012
Autodesk Design Review	=2013
Autodesk Design Review	=2017
Autodesk Design Review	=2018

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-27034?
CVE-2021-27034 is a vulnerability that allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review.
How can this vulnerability be exploited?
User interaction is required to exploit this vulnerability, such as visiting a malicious page or opening a malicious file.
Which versions of Autodesk Design Review are affected?
Autodesk Design Review 2011, 2012, 2013, 2017, and 2018 are affected by this vulnerability.
What is the severity of CVE-2021-27034?
The severity of CVE-2021-27034 is high, with a CVSS score of 7.8.
Are there any references for further information?
Yes, you can find more information about CVE-2021-27034 in the Autodesk Security Advisory [link] and the Zero Day Initiative advisories [link1] [link2].

collector/nvd-index
agent/type
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/author
agent/title
agent/severity
agent/references
agent/weakness
collector/zdi-advisory
source/ZDI
alias/ZDI-21-1127
alias/ZDI-CAN-14238
alias/CVE-2021-27034
agent/software-canonical-lookup
alias/ZDI-21-1131
alias/ZDI-CAN-14247
agent/softwarecombine
agent/event
agent/first-publish-date
alias/ZDI-21-1125
alias/ZDI-CAN-13913
agent/tags
agent/description
alias/ZDI-21-1126
alias/ZDI-CAN-13948
alias/ZDI-21-1128
alias/ZDI-CAN-14241
alias/ZDI-21-1129
alias/ZDI-CAN-14244
alias/ZDI-21-1130
alias/ZDI-CAN-14245
alias/ZDI-21-1132
alias/ZDI-CAN-14248
vendor/autodesk
canonical/autodesk design review
version/autodesk design review/2011
version/autodesk design review/2012
version/autodesk design review/2013
version/autodesk design review/2017
version/autodesk design review/2018

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.