CVE-2022-27526

HIGH

Autodesk Design Review - Out-of-bounds Write via Crafted TGA File

Title source: llm

Description

A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004

Scores

CVSS v3 7.8

EPSS 0.0034

EPSS Percentile 57.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (5)

autodesk/design_review 2011

autodesk/design_review 2012

autodesk/design_review 2013

autodesk/design_review 2017

autodesk/design_review 2018 (5 CPE variants)

Published Apr 18, 2022

Tracked Since Feb 18, 2026