CVE-2022-27864 — Double Free in Design Review

CWE-415 — Double Free3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.9%

top 25.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Autodesk Design Review

Timeline

PublishedJul 29

Latest updateJul 30

Description

A Double Free vulnerability allows remote attackers to execute arbitrary code through DesignReview.exe application on PDF files within affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDautodesk/design_review5 versions+4

Patches

Patch: www.autodesk.com ↗Patch: www.autodesk.com ↗

🔴Vulnerability Details

GHSA

GHSA-v58j-mm8h-fph5: A Double Free vulnerability allows remote attackers to execute arbitrary code through DesignReview↗2022-07-30

▶

CVEList

CVE-2022-27864: A Double Free vulnerability allows remote attackers to execute arbitrary code through DesignReview↗2022-07-29

▶