CVE-2021-27039

Severity
7.8 HIGH
EPSS
0.3%
top 50.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jul 9
Latest update: May 24

Description

A maliciously crafted TIFF and PCX file can be forced to read and write beyond allocated boundaries when parsing the TIFF and PCX file for based overflow. This vulnerability can be exploited to execute arbitrary code.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (3 packages)

NVD: autodesk/autocad < 2022.1.1
CVEListV5: autodesk_design_review 2018, 2017, 2013, 2012, 2011
NVD: autodesk/design_review 5 versions +4

🔴 Vulnerability Details (2)
GHSA
GHSA-hqq5-x2f6-hpmv (2022-05-24): A maliciously crafted TIFF file in Autodesk 2018, 2017, 2013, 2012, 2011 can be forced to read and write beyond allocated boundaries when parsing the
CVEList
CVE-2021-27039 (2021-07-09): A maliciously crafted TIFF and PCX file can be forced to read and write beyond allocated boundaries when parsing the TIFF and PCX file for based overf