46 matches found
CVE-2021-27038
CVE-2021-27038 is a real vulnerability in Autodesk Design Review affecting 2011–2018 versions, caused by a type-confusion bug in PDF parsing that can lead to remote code execution. Exploitation details in public advisories indicate that user interaction is required (e.g., opening a crafted PDF or...
CVE-2019-7363
CVE-2019-7363 describes a use-after-free vulnerability in Autodesk Design Review for versions 2011, 2012, 2013 and 2018. The issue arises when processing malicious DWF files, which may leverage the use-after-free to achieve code execution. Connected records reiterate the same core details (root c...
CVE-2019-7362
Autodesk Design Review (Windows) is affected by a DLL preloading vulnerability (CVE-2019-7362) in ADR versions 2011, 2012, 2013, and 2018. The issue allows code execution if a user opens a malicious DWF file, due to how a DLL is loaded. Root cause: DLL preloading. Exploitation details, affected b...
CVE-2021-40163
CVE-2021-40163 is a memory corruption vulnerability in Autodesk Image Processing component that can lead to code execution via a malicious DLL. The NVD entry notes local attack vector, user interaction required, with a base score of 7.8 (HIGH). The issue is repeatedly described across sources as ...
CVE-2021-27035
CVE-2021-27035 affects Autodesk Design Review 2011–2018 (pre-2018 hotfix 4). The issue occurs when parsing TIFF, PICT, TGA or DWF files, where reads beyond allocated boundaries can occur, potentially enabling code execution in the context of the affected process when combined with other vulnerabi...
CVE-2022-27525
Autodesk AutoCAD/Design Review vulnerability CVE-2022-27525: A crafted .dwf or .pct file processed by DesignReview.exe can cause memory corruption via a write access violation, potentially enabling code execution in the current process. Affected product: Autodesk Design Review (and related Autode...
CVE-2021-40167
Autodesk Design Review is affected by CVE-2021-40167 through memory corruption in the DWF/.pct file parsing pathway, potentially enabling code execution. Multiple sources (NVD, ZDI, CNA/CNNVD) describe a vulnerability in the DesignReview.exe parser that can be triggered by maliciously crafted DWF...
CVE-2022-27526
The CVE-2022-27526 issue affects Autodesk Design Review. A maliciously crafted TGA file could trigger a memory corruption in DesignReview.exe, potentially enabling code execution in the context of the current process. Exploitation is consistent with a local attack requiring user interaction (per ...
CVE-2021-27041
CVE-2021-27041 affects Autodesk AutoCAD DWG file parsing. The flaw is an out-of-bounds write resulting from insufficient validation while parsing DWG data, allowing arbitrary code execution. Exploitation vectors involve opening a malicious DWG file (user interaction may be required per sources). ...
CVE-2021-40166
CVE-2021-40166 affects Autodesk Image Processing: parsing of a malicious PNG can trigger a use-after-free by freeing an object that has already been freed, potentially allowing arbitrary code execution. Documented impact is arbitrary code execution; no specific remediation/version fixes are state...
CVE-2021-27036
CVE-2021-27036 describes a buffer overflow in parsing multiple image/graphic formats (PCX, PICT, RCL, TIF/TIFF, BMP, PSD, PDF) that can allow remote code execution. The Red Hat advisory reproduces the description: a maliciously crafted file can write beyond the allocated buffer during parsing, en...
CVE-2021-40161
Summary (CVE-2021-40161) : The issue affects PDFTron software; memory corruption can enable remote code execution when processing PDFs containing malicious DLL references. Root cause is errors in the mechanism that checks the path to dynamically loaded libraries (DLLs). Affected products are PDFT...
CVE-2021-27037
Summary: CVE-2021-27037 affects Autodesk Design Review (multiple years). A maliciously crafted PNG, PDF or DWF file can trigger a use-after-free during parsing, enabling arbitrary code execution. Connected advisories corroborate remote code execution vectors requiring user action (e.g., opening a...
CVE-2021-27039
The CVE-2021-27039 entry describes a buffer/heap-based overflow when parsing TIFF and PCX files in Autodesk Design Review (and related Autodesk tooling such as AutoCAD context). The underlying issue is improper bounds/length validation during TIFF/PCX parsing, enabling read/write beyond allocated...
CVE-2022-42943
CVE-2022-42943 describes a memory corruption vulnerability in Autodesk Design Review’s DesignReview.exe triggered by a maliciously crafted .dwf/.pct file. The issue arises from a read access violation when parsing the file, and could lead to code execution in the context of the affected process. ...
CVE-2021-27033
CVE-2021-27033 is a Double Free vulnerability in Autodesk Design Review’s PDF parsing. Affected ADR versions (2011, 2012, 2013, 2017, 2018) can be exploited remotely by a user opening a malicious PDF/file or visiting a malicious page, leading to arbitrary code execution. The flaw stems from impro...
CVE-2021-40162
CVE-2021-40162 affects Autodesk Image Processing: a vulnerability where parsing TIFF/PICT/TGA/RLC files may cause reads beyond allocated boundaries, enabling arbitrary code execution. Root cause is in the image-processing component's handling of external image formats. Impact is high (AV Local, U...
CVE-2021-40160
CVE-2021-40160 affects PDFTron before 9.0.7, where parsing a malicious PDF can read beyond allocated boundaries, enabling arbitrary code execution. The primary public details come from Autodesk/AutoCAD disclosures and ZDI notes: exploitation is possible via crafted PDF data, and some analyses ind...
CVE-2021-40164
This CVE affects Autodesk Image Processing. A heap-based buffer overflow can occur while parsing TIFF, PICT, TGA, or RLC files, enabling arbitrary code execution. Root cause: improper handling during image parsing. Impact is high per sources; exploitation is possible when processing malformed ima...
CVE-2022-27864
CVE-2022-27864 concerns Autodesk Design Review (DesignReview.exe). The issue is a Double Free vulnerability that allows remote code execution through PDFs opened in affected installations. Exploitation requires user interaction: the target must visit a malicious page or open a malicious file. Mul...
CVE-2022-27871
CVE-2022-27871 affects Autodesk AutoCAD product suite, Revit, Design Review and Navisworks when using PDFTron prior to 9.1.17. The root cause is a boundary error while parsing PDF files, which can allow writing beyond the allocated buffer. This may enable arbitrary code execution on the affected ...
CVE-2022-33890
CVE-2022-33890 affects Autodesk Design Review through DesignReview.exe when processing a malicious PCT/DWF file, leading to a memory corruption via a read access violation. This could, in conjunction with other vulnerabilities, enable code execution in the current process. Multiple sources corrob...
CVE-2021-27034
Gleaned from connected docs: CVE-2021-27034 affects Autodesk Design Review (versions prior to 2018 hotfix 4 as per Nessus adsk-sa-2021-0003) and involves a heap-based buffer overflow during parsing of PICT, PCX, RCL or TIFF files. The root cause is improper bounds/length validation in the parsing...
CVE-2022-27865
The CVE-2022-27865 entry describes a buffer-overflow vulnerability in Autodesk Design Review’s DesignReview.exe when parsing TGA and PCX files. A maliciously crafted TGA/PCX file can cause writes beyond the allocated buffer, enabling arbitrary code execution. Affected software: Autodesk Design Re...
CVE-2022-33889
CVE-2022-33889 affects Autodesk Design Review 2018 and AutoCAD 2022–2023. The issue is a heap-buffer overflow when parsing malicious GIF/JPEG files, enabling arbitrary code execution. The Red Hat/NVD entries and security bulletins reference the same vulnerability across products; Autodesk advisor...
CVE-2021-40165
Summary: CVE-2021-40165 affects Autodesk Image Processing components. A crafted TIFF/PICT/TGA/RLC file can cause a write past the allocated buffer during parsing, potentially allowing arbitrary code execution. The CVSSv3.1 base score is 7.8 (HIGH) with LOCAL attack vector, low attack complexity, ...
CVE-2022-41309
Autodesk Design Review (DesignReview.exe) is affected by CVE-2022-41309 via a memory corruption vulnerability triggered by processing a maliciously crafted .dwf or .pct file, which could lead to code execution in the current process context. The issue centers on a write access violation causing m...
CVE-2022-42934
CVE-2022-42934 describes a memory corruption vulnerability in Autodesk Design Review where processing a maliciously crafted .dwf/.pct file via DesignReview.exe can cause a write-Access violation, potentially enabling code execution in the current process. Public sources (NVD/Red Hat/CNNVD) consis...
CVE-2022-42933
Summary (CVE-2022-42933) : Multiple connected sources describe a memory corruption vulnerability in Autodesk Design Review, triggered when parsing maliciously crafted .dwf or .pct files via the DesignReview.exe application. The root cause is a write access violation leading to memory corruption, ...
CVE-2022-42936
Autodesk Design Review is affected by CVE-2022-42936. A maliciously crafted .dwf or .pct file consumed by DesignReview.exe can cause memory corruption via a write- access violation, which in combination with other vulnerabilities could lead to code execution in the context of the current process....
CVE-2008-4472
The CVE-2008-4472 issue is in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56) used by Autodesk products (e.g., Revit Architecture 2009 SP2, Autodesk Design Review 2009). The ApplyPatch method accepts a second argument and can cause arbitrary code execution on a remote Windows host when ...
CVE-2015-8572
CVE-2015-8572 affects Autodesk Design Review (ADR). Public details describe multiple buffer overflow vulnerabilities in ADR prior to the 2013 Hotfix 2, exploitable via crafted image data: (1) BMP or (2) FLI files, (3) encoded scan lines in PCX files, or (4) DataSubBlock or (5) GlobalColorTable in...
CVE-2022-42935
CVE-2022-42935 involves Autodesk Design Review. A maliciously crafted .dwf or .pct file consumed by DesignReview.exe can trigger a memory corruption write-access violation, potentially enabling code execution in the current process when combined with other vulnerabilities. Documents consistently ...
CVE-2022-42937
CVE-2022-42937 affects Autodesk Design Review’s DesignReview.exe via maliciously crafted .dwf or .pct files, causing memory corruption through a write access violation and potentially enabling code execution in the current process. Reports consistently describe a memory corruption vulnerability i...
CVE-2022-42939
Summary: CVE-2022-42939 affects Autodesk Design Review’s DesignReview.exe, where processing a maliciously crafted TGA file can cause memory corruption and potentially enable code execution in the current process. Affected component: DesignReview.exe (Autodesk). Root cause (as described): memory c...
CVE-2022-27866
CVE-2022-27866 affects Autodesk Design Review’s DesignReview.exe: processing a malicious TIFF can trigger out-of-bounds reads during TIFF parsing, enabling potential code execution in the current process. The issue is described as a TIFF parsing buffer/bounds error; attack vector is LOCAL with US...
CVE-2022-42940
The CVE-2022-42940 entry describes a memory corruption vulnerability in Autodesk Design Review when processing a maliciously crafted TGA file via DesignReview.exe, potentially enabling code execution within the current process. Affected component: Design Review/DesignReview.exe; vulnerability ari...
CVE-2022-42942
CVE-2022-42942 affects Autodesk Design Review/DesignReview.exe. A maliciously crafted DWG? DWF or .pct file can trigger memory corruption via a read access violation, which, in conjunction with other vulnerabilities, could lead to code execution in the current process. The vulnerability is descri...
CVE-2022-42941
CVE-2022-42941 affects Autodesk Design Review. A maliciously crafted DWF or PCT file consumed by DesignReview.exe can trigger a memory corruption via a read access violation, which in combination with other vulnerabilities could lead to code execution in the context of the current process. Connec...
CVE-2022-41310
CVE-2022-41310: A maliciously crafted .dwf or .pct file consumed by Autodesk Design Review can cause a memory corruption vulnerability via a write access violation, potentially enabling code execution in the current process. Exploitation details (vectors, affected versions, fixes) are not consist...
CVE-2015-8571
CVE-2015-8571 affects Autodesk Design Review prior to 2013 Hotfix 2. The issue is an integer overflow in BMP handling (biClrUsed) that can trigger a buffer overflow and allow remote code execution. Exploitation is possible via crafted BMP files; per ZDI, user interaction is required to exploit. R...
CVE-2014-9268
The CVE-2014-9268 entry concerns Autodesk Design Review’s AdView.AdViewer.1 ActiveX control. Affected component: AdView.AdViewer ActiveX in ADR prior to 2013 Hotfix 1. Root cause: improper parsing of DWF files enables an unauthenticated, remote attacker to execute arbitrary code. Impact: remote c...
CVE-2022-42938
Summary: CVE-2022-42938 is associated with Autodesk Design Review. A maliciously crafted TGA file consumed by the DesignReview.exe application can trigger a memory corruption vulnerability, which could lead to code execution in the context of the current process when combined with other vulnerabi...
CVE-2022-42944
CVE-2022-42944 affects Autodesk Design Review’s DesignReview.exe. A maliciously crafted DWF or PCT file can trigger a memory corruption vulnerability via a read access violation, which in conjunction with other flaws could lead to code execution in the context of the current process. Several conn...
CVE-2008-4471
The CVE-2008-4471 issue affects the DWF Viewer ActiveX control (AdView.dll 9.0.0.96) used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009. A directory traversal vulnerability in CExpressViewerControl allows remote attackers to overwrite arbitrary files via ".." in the SaveAS argume...
CVE-2022-41306
CVE-2022-41306 describes memory corruption in Autodesk DesignReview.exe triggered by consuming a maliciously crafted PCT file. The vulnerability can lead to code execution in the context of the current process and is associated with a high impact (C, I, A) and local attack vector with user intera...