CVE-2021-27037
HIGHAutodesk Design Review 2011-2018 - Use-After-Free in PNG/PDF/DWF File Parsing
Title source: llmDescription
A maliciously crafted PNG, PDF or DWF file in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by remote malicious actors to execute arbitrary code.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004
Scores
CVSS v3
7.8
EPSS
0.0048
EPSS Percentile
65.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (5)
autodesk/design_review
2011
autodesk/design_review
2012
autodesk/design_review
2013
autodesk/design_review
2017
autodesk/design_review
2018 (3 CPE variants)
Published
Jul 09, 2021
Tracked Since
Feb 18, 2026