CVE-2022-27865
HIGHAutodesk Design Review - Out-of-bounds Write via TGA or PCX File Parsing
Title source: llmDescription
A maliciously crafted TGA or PCX file may be used to write beyond the allocated buffer through DesignReview.exe application while parsing TGA and PCX files. This vulnerability may be exploited to execute arbitrary code.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0009
Scores
CVSS v3
7.8
EPSS
0.0006
EPSS Percentile
18.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (5)
autodesk/design_review
2011
autodesk/design_review
2012
autodesk/design_review
2013
autodesk/design_review
2017
autodesk/design_review
2018 (6 CPE variants)
Published
Jul 29, 2022
Tracked Since
Feb 18, 2026