CVE-2019-7363 — Use After Free in Design Review

CWE-416 — Use After Free3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.5%

top 33.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Autodesk Design Review

Timeline

PublishedAug 23

Latest updateMay 24

Description

Use-after-free vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a use-after-free vulnerability, which may result in code execution.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

▶NVDautodesk/design_review4 versions+3

Patches

Patch: www.autodesk.com ↗Patch: www.autodesk.com ↗

🔴Vulnerability Details

GHSA

GHSA-993h-57jh-87g6: Use-after-free vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018↗2022-05-24

▶

CVEList

CVE-2019-7363: Use-after-free vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018↗2019-08-23

▶