First published: Fri Jul 29 2022
A Double Free vulnerability allows remote attackers to execute arbitrary code through the DesignReview.exe application via PDF files on affected installations. User interaction is required to exploit this vulnerability: the target must visit a malicious page or open a malicious file.
Credit: psirt@autodesk.com
Affected Software | Affected Version | How to fix |
---|---|---|
Autodesk Design Review | =2011 | |
Autodesk Design Review | =2012 | |
Autodesk Design Review | =2013 | |
Autodesk Design Review | =2017 | |
Autodesk Design Review | =2018 | |
Autodesk Design Review | =2018-hotfix | |
Autodesk Design Review | =2018-hotfix2 | |
Autodesk Design Review | =2018-hotfix3 | |
Autodesk Design Review | =2018-hotfix4 | |
Autodesk Design Review | =2018-hotfix5 | |
CVE-2022-27864 is a Double Free vulnerability that allows remote attackers to execute arbitrary code through the DesignReview.exe application via PDF files on affected installations.
CVE-2022-27864 affects multiple versions of Autodesk Design Review, including 2011, 2012, 2013, 2017, 2018, and corresponding hotfix versions.
To exploit CVE-2022-27864, user interaction is required, such as visiting a malicious page or opening a malicious file.
CVE-2022-27864 has a severity rating of 8.8 (high).
To fix CVE-2022-27864, follow the security advisory provided by Autodesk, which can be found at the reference link.