CVE-2021-27043
First published: Fri Jun 25 2021(Updated: )
An Arbitrary Address Write issue in the Autodesk DWG application can allow a malicious user to leverage the application to write in unexpected paths. In order to exploit this the attacker would need the victim to enable full page heap in the application.
Credit: psirt@autodesk.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Autodesk AutoCAD Advance Steel | >=2019<2019.1.3 | |
| Autodesk AutoCAD Advance Steel | >=2020<2020.1.4 | |
| Autodesk AutoCAD Advance Steel | >=2021<2021.1.1 | |
| Autodesk AutoCAD Advance Steel | >=2022<2022.0.1 | |
| AutoCAD | >=2019<2019.1.3 | |
| AutoCAD | >=2020<2020.1.4 | |
| AutoCAD | >=2021<2021.1.1 | |
| AutoCAD | >=2022<2022.0.1 | |
| AutoCAD | >=2019<2019.1.3 | |
| AutoCAD | >=2020<2020.1.4 | |
| AutoCAD | >=2021<2021.1.1 | |
| AutoCAD | >=2022<=2022.0.1 | |
| AutoCAD | >=2019<2019.1.3 | |
| AutoCAD | >=2020<2020.1.4 | |
| AutoCAD | >=2021<2021.1.1 | |
| AutoCAD | >=2022<2022.0.1 | |
| AutoCAD LT | >=2019<2019.1.3 | |
| AutoCAD LT | >=2020<2020.1.4 | |
| AutoCAD LT | >=2021<2021.1.1 | |
| AutoCAD LT | >=2022<2022.0.1 | |
| AutoCAD | >=2019<2019.1.3 | |
| AutoCAD | >=2020<2020.1.4 | |
| AutoCAD | >=2021<2021.1.1 | |
| AutoCAD | >=2022<2022.0.1 | |
| AutoCAD | >=2019<2019.1.3 | |
| AutoCAD | >=2020<2020.1.4 | |
| AutoCAD | >=2021<2021.1.1 | |
| AutoCAD | >=2022<2022.0.1 | |
| AutoCAD | >=2019<2019.1.3 | |
| AutoCAD | >=2020<2020.1.4 | |
| AutoCAD | >=2021<2021.1.1 | |
| AutoCAD | >=2022<2022.0.1 | |
| AutoCAD | >=2019<2019.1.3 | |
| AutoCAD | >=2020<2020.1.4 | |
| AutoCAD | >=2021<2021.1.1 | |
| AutoCAD | >=2022<2022.0.1 | |
| Autodesk AutoCAD Civil 3D | >=2019<2019.1.3 | |
| Autodesk AutoCAD Civil 3D | >=2020<2020.1.4 | |
| Autodesk AutoCAD Civil 3D | >=2021<2021.1.1 | |
| Autodesk AutoCAD Civil 3D | >=2022<2022.0.1 | |
| Autodesk DWG TrueView | >=2022<2022.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-27043?
CVE-2021-27043 is an Arbitrary Address Write issue in the Autodesk DWG application.
How does CVE-2021-27043 affect the Autodesk DWG application?
CVE-2021-27043 can allow a malicious user to leverage the application to write in unexpected paths.
How severe is CVE-2021-27043?
CVE-2021-27043 has a severity rating of 7.8 (high).
What software versions are affected by CVE-2021-27043?
Autodesk Advance Steel versions 2019-2022, Autodesk Autocad versions 2019-2022, Autodesk AutoCAD Architecture versions 2019-2022, Autodesk AutoCAD Electrical versions 2019-2022, Autodesk Autocad Lt versions 2019-2022, Autodesk AutoCAD Map 3D versions 2019-2022, Autodesk AutoCAD Mechanical versions 2019-2022, Autodesk AutoCAD MEP versions 2019-2022, Autodesk AutoCAD Plant 3D versions 2019-2022, Autodesk Civil 3D versions 2019-2022, and Autodesk Dwg Trueview version 2022.
How can CVE-2021-27043 be mitigated?
To mitigate CVE-2021-27043, victim users should disable full page heap in the Autodesk DWG application.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/references
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/autodesk
- canonical/autodesk autocad advance steel
- version/autodesk autocad advance steel/2019
- version/autodesk autocad advance steel/2020
- version/autodesk autocad advance steel/2021
- version/autodesk autocad advance steel/2022
- canonical/autocad
- version/autocad/2019
- version/autocad/2020
- version/autocad/2021
- version/autocad/2022
- version/autocad/2022.0.1
- canonical/autocad lt
- version/autocad lt/2019
- version/autocad lt/2020
- version/autocad lt/2021
- version/autocad lt/2022
- canonical/autodesk autocad civil 3d
- version/autodesk autocad civil 3d/2019
- version/autodesk autocad civil 3d/2020
- version/autodesk autocad civil 3d/2021
- version/autodesk autocad civil 3d/2022
- canonical/autodesk dwg trueview
- version/autodesk dwg trueview/2022