Lucene search
K
AutodeskDesign Review

46 matches found

cve
cve
added 2021/07/09 2:17 p.m.186 views

CVE-2021-27038

CVE-2021-27038 is a real vulnerability in Autodesk Design Review affecting 2011–2018 versions, caused by a type-confusion bug in PDF parsing that can lead to remote code execution. Exploitation details in public advisories indicate that user interaction is required (e.g., opening a crafted PDF or...

7.8CVSS7.8AI score0.01767EPSS
cve
cve
added 2019/08/23 7:35 p.m.126 views

CVE-2019-7363

CVE-2019-7363 describes a use-after-free vulnerability in Autodesk Design Review for versions 2011, 2012, 2013 and 2018. The issue arises when processing malicious DWF files, which may leverage the use-after-free to achieve code execution. Connected records reiterate the same core details (root c...

7.8CVSS7.7AI score0.01298EPSS
cve
cve
added 2019/08/23 7:35 p.m.119 views

CVE-2019-7362

Autodesk Design Review (Windows) is affected by a DLL preloading vulnerability (CVE-2019-7362) in ADR versions 2011, 2012, 2013, and 2018. The issue allows code execution if a user opens a malicious DWF file, due to how a DLL is loaded. Root cause: DLL preloading. Exploitation details, affected b...

7.8CVSS7.7AI score0.01235EPSS
cve
cve
added 2022/10/07 12:0 a.m.98 views

CVE-2021-40163

CVE-2021-40163 is a memory corruption vulnerability in Autodesk Image Processing component that can lead to code execution via a malicious DLL. The NVD entry notes local attack vector, user interaction required, with a base score of 7.8 (HIGH). The issue is repeatedly described across sources as ...

7.8CVSS7.8AI score0.00242EPSS
cve
cve
added 2021/07/09 2:16 p.m.93 views

CVE-2021-27035

CVE-2021-27035 affects Autodesk Design Review 2011–2018 (pre-2018 hotfix 4). The issue occurs when parsing TIFF, PICT, TGA or DWF files, where reads beyond allocated boundaries can occur, potentially enabling code execution in the context of the affected process when combined with other vulnerabi...

7.8CVSS7.6AI score0.01708EPSS
cve
cve
added 2022/04/18 4:20 p.m.92 views

CVE-2022-27525

Autodesk AutoCAD/Design Review vulnerability CVE-2022-27525: A crafted .dwf or .pct file processed by DesignReview.exe can cause memory corruption via a write access violation, potentially enabling code execution in the current process. Affected product: Autodesk Design Review (and related Autode...

7.8CVSS8AI score0.01644EPSS
cve
cve
added 2022/01/25 7:11 p.m.85 views

CVE-2021-40167

Autodesk Design Review is affected by CVE-2021-40167 through memory corruption in the DWF/.pct file parsing pathway, potentially enabling code execution. Multiple sources (NVD, ZDI, CNA/CNNVD) describe a vulnerability in the DesignReview.exe parser that can be triggered by maliciously crafted DWF...

7.8CVSS7.8AI score0.07734EPSS
cve
cve
added 2022/04/18 4:20 p.m.85 views

CVE-2022-27526

The CVE-2022-27526 issue affects Autodesk Design Review. A maliciously crafted TGA file could trigger a memory corruption in DesignReview.exe, potentially enabling code execution in the context of the current process. Exploitation is consistent with a local attack requiring user interaction (per ...

7.8CVSS7.9AI score0.0148EPSS
cve
cve
added 2021/06/25 12:41 p.m.84 views

CVE-2021-27041

CVE-2021-27041 affects Autodesk AutoCAD DWG file parsing. The flaw is an out-of-bounds write resulting from insufficient validation while parsing DWG data, allowing arbitrary code execution. Exploitation vectors involve opening a malicious DWG file (user interaction may be required per sources). ...

7.8CVSS7.9AI score0.01696EPSS
cve
cve
added 2022/10/07 12:0 a.m.83 views

CVE-2021-40166

CVE-2021-40166 affects Autodesk Image Processing: parsing of a malicious PNG can trigger a use-after-free by freeing an object that has already been freed, potentially allowing arbitrary code execution. Documented impact is arbitrary code execution; no specific remediation/version fixes are state...

7.8CVSS7.8AI score0.00242EPSS
cve
cve
added 2021/07/09 2:17 p.m.82 views

CVE-2021-27036

CVE-2021-27036 describes a buffer overflow in parsing multiple image/graphic formats (PCX, PICT, RCL, TIF/TIFF, BMP, PSD, PDF) that can allow remote code execution. The Red Hat advisory reproduces the description: a maliciously crafted file can write beyond the allocated buffer during parsing, en...

7.8CVSS7.8AI score0.01708EPSS
cve
cve
added 2021/12/23 6:31 p.m.82 views

CVE-2021-40161

Summary (CVE-2021-40161) : The issue affects PDFTron software; memory corruption can enable remote code execution when processing PDFs containing malicious DLL references. Root cause is errors in the mechanism that checks the path to dynamically loaded libraries (DLLs). Affected products are PDFT...

7.8CVSS7.8AI score0.01437EPSS
cve
cve
added 2021/07/09 2:17 p.m.81 views

CVE-2021-27037

Summary: CVE-2021-27037 affects Autodesk Design Review (multiple years). A maliciously crafted PNG, PDF or DWF file can trigger a use-after-free during parsing, enabling arbitrary code execution. Connected advisories corroborate remote code execution vectors requiring user action (e.g., opening a...

7.8CVSS7.8AI score0.01606EPSS
cve
cve
added 2021/07/09 2:18 p.m.81 views

CVE-2021-27039

The CVE-2021-27039 entry describes a buffer/heap-based overflow when parsing TIFF and PCX files in Autodesk Design Review (and related Autodesk tooling such as AutoCAD context). The underlying issue is improper bounds/length validation during TIFF/PCX parsing, enabling read/write beyond allocated...

7.8CVSS7.8AI score0.01613EPSS
cve
cve
added 2022/10/21 12:0 a.m.80 views

CVE-2022-42943

CVE-2022-42943 describes a memory corruption vulnerability in Autodesk Design Review’s DesignReview.exe triggered by a maliciously crafted .dwf/.pct file. The issue arises from a read access violation when parsing the file, and could lead to code execution in the context of the affected process. ...

7.8CVSS7.8AI score0.00374EPSS
cve
cve
added 2021/07/09 2:12 p.m.79 views

CVE-2021-27033

CVE-2021-27033 is a Double Free vulnerability in Autodesk Design Review’s PDF parsing. Affected ADR versions (2011, 2012, 2013, 2017, 2018) can be exploited remotely by a user opening a malicious PDF/file or visiting a malicious page, leading to arbitrary code execution. The flaw stems from impro...

8.1CVSS7.5AI score0.02992EPSS
cve
cve
added 2022/10/07 12:0 a.m.79 views

CVE-2021-40162

CVE-2021-40162 affects Autodesk Image Processing: a vulnerability where parsing TIFF/PICT/TGA/RLC files may cause reads beyond allocated boundaries, enabling arbitrary code execution. Root cause is in the image-processing component's handling of external image formats. Impact is high (AV Local, U...

7.8CVSS7.7AI score0.00242EPSS
cve
cve
added 2021/12/23 6:31 p.m.72 views

CVE-2021-40160

CVE-2021-40160 affects PDFTron before 9.0.7, where parsing a malicious PDF can read beyond allocated boundaries, enabling arbitrary code execution. The primary public details come from Autodesk/AutoCAD disclosures and ZDI notes: exploitation is possible via crafted PDF data, and some analyses ind...

7.8CVSS7.7AI score0.0154EPSS
cve
cve
added 2022/10/07 12:0 a.m.72 views

CVE-2021-40164

This CVE affects Autodesk Image Processing. A heap-based buffer overflow can occur while parsing TIFF, PICT, TGA, or RLC files, enabling arbitrary code execution. Root cause: improper handling during image parsing. Impact is high per sources; exploitation is possible when processing malformed ima...

7.8CVSS8AI score0.00246EPSS
cve
cve
added 2022/07/29 7:5 p.m.72 views

CVE-2022-27864

CVE-2022-27864 concerns Autodesk Design Review (DesignReview.exe). The issue is a Double Free vulnerability that allows remote code execution through PDFs opened in affected installations. Exploitation requires user interaction: the target must visit a malicious page or open a malicious file. Mul...

8.8CVSS8.8AI score0.00947EPSS
cve
cve
added 2022/06/21 2:23 p.m.72 views

CVE-2022-27871

CVE-2022-27871 affects Autodesk AutoCAD product suite, Revit, Design Review and Navisworks when using PDFTron prior to 9.1.17. The root cause is a boundary error while parsing PDF files, which can allow writing beyond the allocated buffer. This may enable arbitrary code execution on the affected ...

7.8CVSS8AI score0.00727EPSS
cve
cve
added 2022/10/03 12:0 a.m.72 views

CVE-2022-33890

CVE-2022-33890 affects Autodesk Design Review through DesignReview.exe when processing a malicious PCT/DWF file, leading to a memory corruption via a read access violation. This could, in conjunction with other vulnerabilities, enable code execution in the current process. Multiple sources corrob...

7.8CVSS7.8AI score0.0041EPSS
cve
cve
added 2021/07/09 2:16 p.m.71 views

CVE-2021-27034

Gleaned from connected docs: CVE-2021-27034 affects Autodesk Design Review (versions prior to 2018 hotfix 4 as per Nessus adsk-sa-2021-0003) and involves a heap-based buffer overflow during parsing of PICT, PCX, RCL or TIFF files. The root cause is improper bounds/length validation in the parsing...

7.8CVSS7.8AI score0.02208EPSS
cve
cve
added 2022/07/29 7:1 p.m.71 views

CVE-2022-27865

The CVE-2022-27865 entry describes a buffer-overflow vulnerability in Autodesk Design Review’s DesignReview.exe when parsing TGA and PCX files. A maliciously crafted TGA/PCX file can cause writes beyond the allocated buffer, enabling arbitrary code execution. Affected software: Autodesk Design Re...

7.8CVSS7.9AI score0.00228EPSS
cve
cve
added 2022/10/03 2:22 p.m.71 views

CVE-2022-33889

CVE-2022-33889 affects Autodesk Design Review 2018 and AutoCAD 2022–2023. The issue is a heap-buffer overflow when parsing malicious GIF/JPEG files, enabling arbitrary code execution. The Red Hat/NVD entries and security bulletins reference the same vulnerability across products; Autodesk advisor...

7.8CVSS7.8AI score0.00242EPSS
cve
cve
added 2022/10/07 12:0 a.m.69 views

CVE-2021-40165

Summary: CVE-2021-40165 affects Autodesk Image Processing components. A crafted TIFF/PICT/TGA/RLC file can cause a write past the allocated buffer during parsing, potentially allowing arbitrary code execution. The CVSSv3.1 base score is 7.8 (HIGH) with LOCAL attack vector, low attack complexity, ...

7.8CVSS7.9AI score0.00242EPSS
cve
cve
added 2022/10/21 12:0 a.m.69 views

CVE-2022-41309

Autodesk Design Review (DesignReview.exe) is affected by CVE-2022-41309 via a memory corruption vulnerability triggered by processing a maliciously crafted .dwf or .pct file, which could lead to code execution in the current process context. The issue centers on a write access violation causing m...

7.8CVSS8AI score0.00374EPSS
cve
cve
added 2022/10/21 12:0 a.m.69 views

CVE-2022-42934

CVE-2022-42934 describes a memory corruption vulnerability in Autodesk Design Review where processing a maliciously crafted .dwf/.pct file via DesignReview.exe can cause a write-Access violation, potentially enabling code execution in the current process. Public sources (NVD/Red Hat/CNNVD) consis...

7.8CVSS8AI score0.00338EPSS
cve
cve
added 2022/10/21 12:0 a.m.68 views

CVE-2022-42933

Summary (CVE-2022-42933) : Multiple connected sources describe a memory corruption vulnerability in Autodesk Design Review, triggered when parsing maliciously crafted .dwf or .pct files via the DesignReview.exe application. The root cause is a write access violation leading to memory corruption, ...

7.8CVSS8AI score0.00338EPSS
cve
cve
added 2022/10/21 12:0 a.m.68 views

CVE-2022-42936

Autodesk Design Review is affected by CVE-2022-42936. A maliciously crafted .dwf or .pct file consumed by DesignReview.exe can cause memory corruption via a write- access violation, which in combination with other vulnerabilities could lead to code execution in the context of the current process....

7.8CVSS8AI score0.00374EPSS
cve
cve
added 2008/10/07 6:27 p.m.67 views

CVE-2008-4472

The CVE-2008-4472 issue is in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56) used by Autodesk products (e.g., Revit Architecture 2009 SP2, Autodesk Design Review 2009). The ApplyPatch method accepts a second argument and can cause arbitrary code execution on a remote Windows host when ...

9.3CVSS7.2AI score0.07836EPSS
cve
cve
added 2015/12/15 9:0 p.m.67 views

CVE-2015-8572

CVE-2015-8572 affects Autodesk Design Review (ADR). Public details describe multiple buffer overflow vulnerabilities in ADR prior to the 2013 Hotfix 2, exploitable via crafted image data: (1) BMP or (2) FLI files, (3) encoded scan lines in PCX files, or (4) DataSubBlock or (5) GlobalColorTable in...

6.8CVSS7.7AI score0.03751EPSS
cve
cve
added 2022/10/21 12:0 a.m.67 views

CVE-2022-42935

CVE-2022-42935 involves Autodesk Design Review. A maliciously crafted .dwf or .pct file consumed by DesignReview.exe can trigger a memory corruption write-access violation, potentially enabling code execution in the current process when combined with other vulnerabilities. Documents consistently ...

7.8CVSS8AI score0.00338EPSS
cve
cve
added 2022/10/21 12:0 a.m.66 views

CVE-2022-42937

CVE-2022-42937 affects Autodesk Design Review’s DesignReview.exe via maliciously crafted .dwf or .pct files, causing memory corruption through a write access violation and potentially enabling code execution in the current process. Reports consistently describe a memory corruption vulnerability i...

7.8CVSS8AI score0.00338EPSS
cve
cve
added 2022/10/21 12:0 a.m.66 views

CVE-2022-42939

Summary: CVE-2022-42939 affects Autodesk Design Review’s DesignReview.exe, where processing a maliciously crafted TGA file can cause memory corruption and potentially enable code execution in the current process. Affected component: DesignReview.exe (Autodesk). Root cause (as described): memory c...

7.8CVSS7.9AI score0.00374EPSS
cve
cve
added 2022/07/29 7:1 p.m.65 views

CVE-2022-27866

CVE-2022-27866 affects Autodesk Design Review’s DesignReview.exe: processing a malicious TIFF can trigger out-of-bounds reads during TIFF parsing, enabling potential code execution in the current process. The issue is described as a TIFF parsing buffer/bounds error; attack vector is LOCAL with US...

7.8CVSS7.6AI score0.00228EPSS
cve
cve
added 2022/10/21 12:0 a.m.65 views

CVE-2022-42940

The CVE-2022-42940 entry describes a memory corruption vulnerability in Autodesk Design Review when processing a maliciously crafted TGA file via DesignReview.exe, potentially enabling code execution within the current process. Affected component: Design Review/DesignReview.exe; vulnerability ari...

7.8CVSS7.9AI score0.00374EPSS
cve
cve
added 2022/10/21 12:0 a.m.65 views

CVE-2022-42942

CVE-2022-42942 affects Autodesk Design Review/DesignReview.exe. A maliciously crafted DWG? DWF or .pct file can trigger memory corruption via a read access violation, which, in conjunction with other vulnerabilities, could lead to code execution in the current process. The vulnerability is descri...

7.8CVSS7.8AI score0.00374EPSS
cve
cve
added 2022/10/21 12:0 a.m.64 views

CVE-2022-42941

CVE-2022-42941 affects Autodesk Design Review. A maliciously crafted DWF or PCT file consumed by DesignReview.exe can trigger a memory corruption via a read access violation, which in combination with other vulnerabilities could lead to code execution in the context of the current process. Connec...

7.8CVSS7.8AI score0.00374EPSS
cve
cve
added 2022/10/21 12:0 a.m.63 views

CVE-2022-41310

CVE-2022-41310: A maliciously crafted .dwf or .pct file consumed by Autodesk Design Review can cause a memory corruption vulnerability via a write access violation, potentially enabling code execution in the current process. Exploitation details (vectors, affected versions, fixes) are not consist...

7.8CVSS8AI score0.00365EPSS
cve
cve
added 2015/12/15 9:0 p.m.62 views

CVE-2015-8571

CVE-2015-8571 affects Autodesk Design Review prior to 2013 Hotfix 2. The issue is an integer overflow in BMP handling (biClrUsed) that can trigger a buffer overflow and allow remote code execution. Exploitation is possible via crafted BMP files; per ZDI, user interaction is required to exploit. R...

6.8CVSS8.2AI score0.03359EPSS
cve
cve
added 2014/12/08 4:0 p.m.58 views

CVE-2014-9268

The CVE-2014-9268 entry concerns Autodesk Design Review’s AdView.AdViewer.1 ActiveX control. Affected component: AdView.AdViewer ActiveX in ADR prior to 2013 Hotfix 1. Root cause: improper parsing of DWF files enables an unauthenticated, remote attacker to execute arbitrary code. Impact: remote c...

6.8CVSS7.8AI score0.04658EPSS
cve
cve
added 2022/10/21 12:0 a.m.58 views

CVE-2022-42938

Summary: CVE-2022-42938 is associated with Autodesk Design Review. A maliciously crafted TGA file consumed by the DesignReview.exe application can trigger a memory corruption vulnerability, which could lead to code execution in the context of the current process when combined with other vulnerabi...

7.8CVSS7.9AI score0.00338EPSS
cve
cve
added 2022/10/21 12:0 a.m.57 views

CVE-2022-42944

CVE-2022-42944 affects Autodesk Design Review’s DesignReview.exe. A maliciously crafted DWF or PCT file can trigger a memory corruption vulnerability via a read access violation, which in conjunction with other flaws could lead to code execution in the context of the current process. Several conn...

7.8CVSS7.8AI score0.00374EPSS
cve
cve
added 2008/10/07 6:27 p.m.56 views

CVE-2008-4471

The CVE-2008-4471 issue affects the DWF Viewer ActiveX control (AdView.dll 9.0.0.96) used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009. A directory traversal vulnerability in CExpressViewerControl allows remote attackers to overwrite arbitrary files via ".." in the SaveAS argume...

9.3CVSS6.9AI score0.06729EPSS
cve
cve
added 2022/10/14 12:0 a.m.56 views

CVE-2022-41306

CVE-2022-41306 describes memory corruption in Autodesk DesignReview.exe triggered by consuming a maliciously crafted PCT file. The vulnerability can lead to code execution in the context of the current process and is associated with a high impact (C, I, A) and local attack vector with user intera...

7.8CVSS7.9AI score0.00397EPSS