CVE-2022-27871 — Allocation of Resources Without Limits or Throttling in 3DS MAX

CWE-770 — Allocation of Resources Without Limits or Throttling3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.4%

top 41.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Autodesk 3DS MAX Autodesk Advance Steel Autodesk Autocad +11 more

Timeline

PublishedJun 21

Latest updateJun 22

Description

Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. This vulnerability may be exploited to execute arbitrary code.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages14 packages

▶NVDautodesk/design_review2018

▶NVDautodesk/revit2020, 2021, 2022+2

▶NVDautodesk/autocad4 versions+3

▶NVDautodesk/autocad_lt4 versions+3

▶NVDautodesk/navisworks2019, 2020, 2022+2

🔴Vulnerability Details

GHSA

GHSA-5gx4-f3wm-4qq2: Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9↗2022-06-22

▶

CVEList

CVE-2022-27871: Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9↗2022-06-21

▶