CVE-2022-27866

CWE-125Out-of-bounds Read3 documents3 sources
Severity
7.8HIGH
EPSS
0.1%
top 81.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Autodesk Design Review
Timeline
PublishedJul 29
Latest updateJul 30

Description

A maliciously crafted TIFF file when consumed through DesignReview.exe application can be forced to read beyond allocated boundaries when parsing the TIFF file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5autodesk_design_review2018, 2017, 2013, 2012, 2011
NVDautodesk/design_review5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-jp2j-9fj2-83hc: A maliciously crafted TIFF file when consumed through DesignReview2022-07-30
CVEList
CVE-2022-27866: A maliciously crafted TIFF file when consumed through DesignReview2022-07-29
CVE-2022-27866 (HIGH CVSS 7.8) | A maliciously crafted TIFF file whe | cvebase.io