First published: Fri Jul 09 2021(Updated: )
A maliciously crafted PNG, PDF or DWF file in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by remote malicious actors to execute arbitrary code.
Credit: psirt@autodesk.com
Affected Software | Affected Version | How to fix |
---|---|---|
Autodesk Design Review | =2011 | |
Autodesk Design Review | =2012 | |
Autodesk Design Review | =2013 | |
Autodesk Design Review | =2017 | |
Autodesk Design Review | =2018 | |
Autodesk Design Review | =2018-hotfix | |
Autodesk Design Review | =2018-hotfix2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-27037 is a vulnerability in Autodesk Design Review 2018, 2017, 2013, 2012, and 2011 that allows remote attackers to execute arbitrary code by exploiting a flaw in parsing maliciously crafted PNG, PDF, or DWF files.
CVE-2021-27037 has a severity level of 7.8, which is considered high.
Autodesk Design Review versions 2018, 2017, 2013, 2012, and 2011 are affected by CVE-2021-27037.
CVE-2021-27037 can be exploited by remote malicious actors through the use of specially crafted PNG, PDF, or DWF files in Autodesk Design Review.
It is recommended to update to the latest version of Autodesk Design Review to mitigate the vulnerability associated with CVE-2021-27037.