CVE-2022-27871
HIGHAutodesk AutoCAD, Advance Steel, Revit, Design Review, Navisworks - Memory Corruption via PDFTron PDF Parser
Title source: llmDescription
Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. This vulnerability may be exploited to execute arbitrary code.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0011
Scores
CVSS v3
7.8
EPSS
0.0037
EPSS Percentile
58.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-770
Status
published
Products (48)
autodesk/3ds_max
2021
autodesk/3ds_max
2022
autodesk/advance_steel
2019
autodesk/advance_steel
2020
autodesk/advance_steel
2021
autodesk/advance_steel
2022
autodesk/autocad
2019
autodesk/autocad
2020
autodesk/autocad
2021
autodesk/autocad
2022 (2 CPE variants)
... and 38 more
Published
Jun 21, 2022
Tracked Since
Feb 18, 2026