CVE-2022-27525

CWE-787Out-of-bounds Write5 documents4 sources
Severity
7.8HIGH
EPSS
0.3%
top 43.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Autodesk Design Review
Timeline
PublishedApr 18
Latest updateApr 19

Description

A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDautodesk/design_review5 versions+4
CVEListV5autodesk®_design_review2018

🔴Vulnerability Details

2
GHSA
GHSA-pmwh-9hpj-v5hc: A malicious crafted2022-04-19
CVEList
CVE-2022-27525: A malicious crafted2022-04-18
CVE-2022-27525 (HIGH CVSS 7.8) | A malicious crafted .dwf or .pct fi | cvebase.io