CVE-2021-27035
Summary
| CVE | CVE-2021-27035 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-07-09 15:15:00 UTC |
| Updated | 2022-05-12 16:57:00 UTC |
| Description | A maliciously crafted TIFF, TIF, PICT, TGA, or DWF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA or DWF files. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. |
Risk And Classification
Problem Types: CWE-787
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Autodesk | Design Review | 2011 | All | All | All |
| Application | Autodesk | Design Review | 2012 | All | All | All |
| Application | Autodesk | Design Review | 2013 | All | All | All |
| Application | Autodesk | Design Review | 2017 | All | All | All |
| Application | Autodesk | Design Review | 2018 | All | All | All |
| Application | Autodesk | Design Review | 2018 | - | All | All |
| Application | Autodesk | Design Review | 2018 | hotfix | All | All |
| Application | Autodesk | Design Review | 2018 | hotfix2 | All | All |
| Application | Autodesk | Design Review | 2018 | hotfix3 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Advisories | Autodesk Trust Center | MISC | www.autodesk.com | |
| ZDI-21-1134 | Zero Day Initiative | MISC | www.zerodayinitiative.com | |
| ZDI-21-1136 | Zero Day Initiative | MISC | www.zerodayinitiative.com | |
| ZDI-21-1135 | Zero Day Initiative | MISC | www.zerodayinitiative.com | |
| ZDI-21-1140 | Zero Day Initiative | MISC | www.zerodayinitiative.com | |
| ZDI-22-480 | Zero Day Initiative | MISC | www.zerodayinitiative.com | |
| ZDI-21-1137 | Zero Day Initiative | MISC | www.zerodayinitiative.com | |
| ZDI-22-481 | Zero Day Initiative | MISC | www.zerodayinitiative.com | |
| Security Advisories | Autodesk Trust Center | MISC | www.autodesk.com | |
| ZDI-21-1139 | Zero Day Initiative | MISC | www.zerodayinitiative.com | |
| ZDI-21-1133 | Zero Day Initiative | MISC | www.zerodayinitiative.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 375926 Autodesk Design Review Multiple Vulnerabilities (ADSK-SA-2021-0003)