CVE-2022-27871: Buffer Overflow
First published: Tue Jun 21 2022(Updated: )
Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. This vulnerability may be exploited to execute arbitrary code.
Credit: psirt@autodesk.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Autodesk | =2021 | |
| Autodesk | =2022 | |
| Autodesk AutoCAD Advance Steel | =2019 | |
| Autodesk AutoCAD Advance Steel | =2020 | |
| Autodesk AutoCAD Advance Steel | =2021 | |
| Autodesk AutoCAD Advance Steel | =2022 | |
| Autodesk AutoCAD 2024 | =2019 | |
| Autodesk AutoCAD 2024 | =2020 | |
| Autodesk AutoCAD 2024 | =2021 | |
| Autodesk AutoCAD 2024 | =2022 | |
| Autodesk AutoCAD LT for macOS | =2022 | |
| AutoCAD | =2019 | |
| AutoCAD | =2020 | |
| AutoCAD | =2021 | |
| AutoCAD | =2022 | |
| Autodesk Civil 3D | =2019 | |
| Autodesk Civil 3D | =2020 | |
| Autodesk Civil 3D | =2021 | |
| Autodesk Civil 3D | =2022 | |
| AutoCAD | =2019 | |
| AutoCAD | =2020 | |
| AutoCAD | =2021 | |
| AutoCAD | =2022 | |
| Autodesk AutoCAD LT 2017 | =2019 | |
| Autodesk AutoCAD LT 2017 | =2020 | |
| Autodesk AutoCAD LT 2017 | =2021 | |
| Autodesk AutoCAD LT 2017 | =2022 | |
| Autodesk AutoCAD LT for macOS | =2022 | |
| AutoCAD | =2019 | |
| AutoCAD | =2020 | |
| AutoCAD | =2021 | |
| AutoCAD | =2022 | |
| AutoCAD | =2019 | |
| AutoCAD | =2020 | |
| AutoCAD | =2021 | |
| AutoCAD | =2022 | |
| AutoCAD | =2019 | |
| AutoCAD | =2020 | |
| AutoCAD | =2021 | |
| AutoCAD | =2022 | |
| AutoCAD | =2019 | |
| AutoCAD | =2020 | |
| AutoCAD | =2021 | |
| AutoCAD | =2022 | |
| Autodesk Design Review 2011 | =2018 | |
| Autodesk Navisworks | =2019 | |
| Autodesk Navisworks | =2020 | |
| Autodesk Navisworks | =2022 | |
| Autodesk Revit 2025 | =2020 | |
| Autodesk Revit 2025 | =2021 | |
| Autodesk Revit 2025 | =2022 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-27871?
CVE-2022-27871 is a vulnerability found in Autodesk AutoCAD product suite, Revit, Design Review, and Navisworks releases using PDFTron prior to version 9.1.17. It allows an attacker to write beyond the allocated buffer while parsing PDF files, potentially leading to the execution of arbitrary code.
Which software versions are affected by CVE-2022-27871?
The affected software versions include Autodesk 3ds Max 2021 and 2022, Autodesk Advance Steel 2019, 2020, 2021, and 2022, Autodesk Autocad 2019, 2020, 2021, and 2022 (including macOS), Autodesk Autocad Architecture 2019, 2020, 2021, and 2022, Autodesk Autocad Civil 3d 2019, 2020, 2021, and 2022, Autodesk AutoCAD Electrical 2019, 2020, 2021, and 2022, Autodesk Autocad LT 2019, 2020, 2021, and 2022 (including macOS), Autodesk AutoCAD Map 3D 2019, 2020, 2021, and 2022, Autodesk AutoCAD Mechanical 2019, 2020, 2021, and 2022, Autodesk AutoCAD MEP 2019, 2020, 2021, and 2022, Autodesk AutoCAD Plant 3D 2019, 2020, 2021, and 2022, Autodesk Design Review 2018, and Autodesk Navisworks 2019, 2020, and 2022.
What is the severity of CVE-2022-27871?
CVE-2022-27871 has a severity rating of 7.8, which is considered high.
How can CVE-2022-27871 be exploited?
CVE-2022-27871 can be exploited by parsing malicious PDF files, which can lead to the execution of arbitrary code.
Is there a fix for CVE-2022-27871?
Yes, upgrading to version 9.1.17 or higher of PDFTron will fix the vulnerability.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/autodesk
- canonical/autodesk
- version/autodesk/2021
- version/autodesk/2022
- canonical/autodesk autocad advance steel
- version/autodesk autocad advance steel/2019
- version/autodesk autocad advance steel/2020
- version/autodesk autocad advance steel/2021
- version/autodesk autocad advance steel/2022
- canonical/autodesk autocad 2024
- version/autodesk autocad 2024/2019
- version/autodesk autocad 2024/2020
- version/autodesk autocad 2024/2021
- version/autodesk autocad 2024/2022
- canonical/autodesk autocad lt for macos
- version/autodesk autocad lt for macos/2022
- canonical/autocad
- version/autocad/2019
- version/autocad/2020
- version/autocad/2021
- version/autocad/2022
- canonical/autodesk civil 3d
- version/autodesk civil 3d/2019
- version/autodesk civil 3d/2020
- version/autodesk civil 3d/2021
- version/autodesk civil 3d/2022
- canonical/autodesk autocad lt 2017
- version/autodesk autocad lt 2017/2019
- version/autodesk autocad lt 2017/2020
- version/autodesk autocad lt 2017/2021
- version/autodesk autocad lt 2017/2022
- canonical/autodesk design review 2011
- version/autodesk design review 2011/2018
- canonical/autodesk navisworks
- version/autodesk navisworks/2019
- version/autodesk navisworks/2020
- version/autodesk navisworks/2022
- canonical/autodesk revit 2025
- version/autodesk revit 2025/2020
- version/autodesk revit 2025/2021
- version/autodesk revit 2025/2022