#VU54342 Heap-based buffer overflow in Autodesk Design Review - CVE-2021-27034

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing PICT, TGA, DWF, RLC or TIFF files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

External links

• https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0003
• https://www.zerodayinitiative.com/advisories/ZDI-21-734/
• https://www.zerodayinitiative.com/advisories/ZDI-21-732/
• https://www.zerodayinitiative.com/advisories/ZDI-21-730/
• https://www.zerodayinitiative.com/advisories/ZDI-21-729/
• https://www.zerodayinitiative.com/advisories/ZDI-21-722/
• https://www.zerodayinitiative.com/advisories/ZDI-21-721/
• https://www.zerodayinitiative.com/advisories/ZDI-21-720/
• https://www.zerodayinitiative.com/advisories/ZDI-21-716/
• https://www.zerodayinitiative.com/advisories/ZDI-21-1132/
• https://www.zerodayinitiative.com/advisories/ZDI-21-1131/
• https://www.zerodayinitiative.com/advisories/ZDI-21-1130/
• https://www.zerodayinitiative.com/advisories/ZDI-21-1129/
• https://www.zerodayinitiative.com/advisories/ZDI-21-1128/
• https://www.zerodayinitiative.com/advisories/ZDI-21-1127/
• https://www.zerodayinitiative.com/advisories/ZDI-21-1126/
• https://www.zerodayinitiative.com/advisories/ZDI-21-1125/