CVE-2021-27042

HIGH

Autodesk Advance Steel 2019-<2019.1.3 - Remote Code Execution via Malicious DWG File

Title source: llm

Description

A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. The vulnerability exists because the application fails to handle a crafted DWG file, which causes an unhandled exception. An attacker can leverage this vulnerability to execute arbitrary code.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007

Scores

CVSS v3 7.8

EPSS 0.0037

EPSS Percentile 58.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-755

Status published

Products (10)

autodesk/advance_steel 2019 - 2019.1.3

autodesk/autocad 2019 - 2019.1.3

autodesk/autocad_architecture 2019 - 2019.1.3

autodesk/autocad_electrical 2019 - 2019.1.3

autodesk/autocad_lt 2019 - 2019.1.3

autodesk/autocad_map_3d 2019 - 2019.1.3

autodesk/autocad_mechanical 2019 - 2019.1.3

autodesk/autocad_mep 2019 - 2019.1.3

autodesk/autocad_plant_3d 2019 - 2019.1.3

autodesk/civil_3d 2019 - 2019.1.3

Published Jun 25, 2021

Tracked Since Feb 18, 2026