Lucene search

[email protected]CVE-2021-27034

HistoryJul 09, 2021 - 3:15 p.m.

CVE-2021-27034

2021-07-0915:15:07

CWE-787

[email protected]

web.nvd.nist.gov

cve-2021-27034

buffer overflow

pict

pcx

rcl

tiff

autodesk design review

arbitrary code execution

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.0%

JSON

A heap-based buffer overflow could occur while parsing PICT, PCX, RCL or TIFF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011. This vulnerability can be exploited to execute arbitrary code.

Affected configurations

NVD

Node

autodeskdesign_reviewMatch2011

autodeskdesign_reviewMatch2012

autodeskdesign_reviewMatch2013

autodeskdesign_reviewMatch2017

autodeskdesign_reviewMatch2018

CPENameOperatorVersion
autodesk:design_reviewautodesk design revieweq2011
autodesk:design_reviewautodesk design revieweq2012
autodesk:design_reviewautodesk design revieweq2013
autodesk:design_reviewautodesk design revieweq2017
autodesk:design_reviewautodesk design revieweq2018

CPE	Name	Operator	Version
autodesk:design_review	autodesk design review	eq	2011
autodesk:design_review	autodesk design review	eq	2012
autodesk:design_review	autodesk design review	eq	2013
autodesk:design_review	autodesk design review	eq	2017
autodesk:design_review	autodesk design review	eq	2018

CNA Affected

[
  {
    "product": "Autodesk Design Review",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "2018, 2017, 2013, 2012, 2011"
      }
    ]
  }
]

References

www.autodesk.com/trust/security-advisories/adsk-sa-2021-0003

www.zerodayinitiative.com/advisories/ZDI-21-1125/

www.zerodayinitiative.com/advisories/ZDI-21-1126/

www.zerodayinitiative.com/advisories/ZDI-21-1127/

www.zerodayinitiative.com/advisories/ZDI-21-1128/

www.zerodayinitiative.com/advisories/ZDI-21-1129/

www.zerodayinitiative.com/advisories/ZDI-21-1130/

www.zerodayinitiative.com/advisories/ZDI-21-1131/

www.zerodayinitiative.com/advisories/ZDI-21-1132/

Social References

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.0%

JSON

Related for CVE-2021-27034

zdi16 prion1 nvd1 cvelist1 cnvd1 nessus1