CVE-2021-40167
First published: Tue Jan 25 2022(Updated: )
A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Credit: psirt@autodesk.com psirt@autodesk.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Autodesk Design Review | =2018 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-40167.
What software is affected by this vulnerability?
The Autodesk Design Review software version 2018 is affected by this vulnerability.
What is the severity of CVE-2021-40167?
CVE-2021-40167 has a severity rating of 7.8 (high).
How can this vulnerability be exploited?
A maliciously crafted dwf or .pct file, when consumed through the DesignReview.exe application, could lead to memory corruption and code execution in the current process.
Is there a fix available for CVE-2021-40167?
To mitigate this vulnerability, it is recommended to update the Autodesk Design Review software to a version that is not affected.
- collector/nvd-api
- collector/nvd-index
- agent/references
- agent/event
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/autodesk
- canonical/autodesk design review
- version/autodesk design review/2018