CVE-2022-27866

HIGH

Autodesk Design Review - Out-of-bounds Read via Malicious TIFF File

Title source: llm
STIX 2.1

Description

A maliciously crafted TIFF file when consumed through DesignReview.exe application can be forced to read beyond allocated boundaries when parsing the TIFF file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

References (1)

Core 1
Core References

Scores

CVSS v3 7.8
EPSS 0.0023
EPSS Percentile 13.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-125
Status published
Products (5)
autodesk/design_review 2011
autodesk/design_review 2012
autodesk/design_review 2013
autodesk/design_review 2017
autodesk/design_review 2018 (6 CPE variants)
Published Jul 29, 2022
Tracked Since Feb 18, 2026