CVE-2021-27040Out-of-bounds Read in Advance Steel

CWE-125Out-of-bounds ReadCWE-787Out-of-bounds Write3 documents3 sources
Severity
3.3LOWNVD
EPSS
0.3%
top 43.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
13
Autodesk Advance SteelAutodesk AutocadAutodesk Autocad Architecture+10 more
Timeline
PublishedJun 25
Latest updateMay 24

Description

A maliciously crafted DWG file can be forced to read beyond allocated boundaries when parsing the DWG file. This vulnerability can be exploited to execute arbitrary code.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages13 packages

NVDautodesk/autocad20192019.1.3+3
NVDautodesk/civil_3d20192019.1.3+3
NVDautodesk/autocad_lt20192019.1.3+3
NVDautodesk/autocad_mep20192019.1.3+3
NVDautodesk/dwg_trueview20222022.1.1

🔴Vulnerability Details

2
GHSA
GHSA-qxw7-h89m-x9wf: A maliciously crafted DWG file can be forced to read beyond allocated boundaries when parsing the DWG file2022-05-24
CVEList
CVE-2021-27040: A maliciously crafted DWG file can be forced to read beyond allocated boundaries when parsing the DWG file2021-06-25