{"api_version":"1","generated_at":"2026-04-23T09:40:04+00:00","cve":"CVE-2021-27039","urls":{"html":"https://cve.report/CVE-2021-27039","api":"https://cve.report/api/cve/CVE-2021-27039.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-27039","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-27039"},"summary":{"title":"CVE-2021-27039","description":"A maliciously crafted TIFF and PCX file can be forced to read and write beyond allocated boundaries when parsing the TIFF and PCX file for based overflow. This vulnerability can be exploited to execute arbitrary code.","state":"PUBLIC","assigner":"psirt@autodesk.com","published_at":"2021-07-09 15:15:00","updated_at":"2022-04-25 19:12:00"},"problem_types":["CWE-787"],"metrics":[],"references":[{"url":"https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0003","name":"https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0003","refsource":"MISC","tags":[],"title":"Security Advisories | Autodesk Trust Center","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004","name":"https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004","refsource":"MISC","tags":[],"title":"Security Advisories | Autodesk Trust Center","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-22-505/","name":"https://www.zerodayinitiative.com/advisories/ZDI-22-505/","refsource":"MISC","tags":[],"title":"ZDI-22-505 | Zero Day Initiative","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-27039","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27039","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"27039","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"autodesk","cpe5":"autocad","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"27039","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"autodesk","cpe5":"design_review","cpe6":"2011","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"27039","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"autodesk","cpe5":"design_review","cpe6":"2012","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"27039","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"autodesk","cpe5":"design_review","cpe6":"2013","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"27039","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"autodesk","cpe5":"design_review","cpe6":"2017","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"27039","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"autodesk","cpe5":"design_review","cpe6":"2018","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-27039","qid":"375926","title":"Autodesk Design Review Multiple Vulnerabilities (ADSK-SA-2021-0003)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-27039","ASSIGNER":"psirt@autodesk.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Autodesk Design Review","version":{"version_data":[{"version_value":"2018, 2017, 2013, 2012, 2011"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Uninitialized Variable Vulnerability"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004","url":"https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"}]},"description":{"description_data":[{"lang":"eng","value":"A maliciously crafted TIFF and PCX file can be forced to read and write beyond allocated boundaries when parsing the TIFF and PCX file for based overflow. This vulnerability can be exploited to execute arbitrary code."}]}},"nvd":{"publishedDate":"2021-07-09 15:15:00","lastModifiedDate":"2022-04-25 19:12:00","problem_types":["CWE-787"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:autodesk:design_review:2013:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:autodesk:design_review:2012:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:autodesk:design_review:2018:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:autodesk:design_review:2011:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:autodesk:design_review:2017:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*","versionEndExcluding":"2022.1.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"27039","Ordinal":"202123","Title":"CVE-2021-27039","CVE":"CVE-2021-27039","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"27039","Ordinal":"1","NoteData":"A maliciously crafted TIFF file in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be forced to read and write beyond allocated boundaries when parsing the TIFF file. This vulnerability can be exploited to execute arbitrary code.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"27039","Ordinal":"2","NoteData":"2021-07-09","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"27039","Ordinal":"3","NoteData":"2021-11-10","Type":"Other","Title":"Modified"}]}}}