CVE-2022-27525

HIGH

Autodesk Design Review - Out-of-bounds Write via Crafted DWF or PCT File

Title source: llm

Description

A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004

Scores

CVSS v3 7.8

EPSS 0.0034

EPSS Percentile 57.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (5)

autodesk/design_review 2011

autodesk/design_review 2012

autodesk/design_review 2013

autodesk/design_review 2017

autodesk/design_review 2018 (5 CPE variants)

Published Apr 18, 2022

Tracked Since Feb 18, 2026