CVE-2021-27036

HIGH

Autodesk Design Review - Out-of-bounds Write via Malicious Image File Parsing

Description

A maliciously crafted PCX, PICT, RCL, TIF, BMP, PSD or TIFF file can be used to write beyond the allocated buffer while parsing PCX, PDF, PICT, RCL, BMP, PSD or TIFF files. This vulnerability can be exploited to execute arbitrary code.

Scores

CVSS v3 7.8
EPSS 0.0027
EPSS Percentile 50.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (5)
autodesk/design_review 2011
autodesk/design_review 2012
autodesk/design_review 2013
autodesk/design_review 2017
autodesk/design_review 2018 (4 CPE variants)
Published Jul 09, 2021
Tracked Since Feb 18, 2026