#VU54344 Out-of-bounds write in Autodesk Design Review - CVE-2021-27036

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PSD, BMP, PDF, PICT, PCX or TIFF files. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Remediation

External links

• https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0003
• https://www.zerodayinitiative.com/advisories/ZDI-21-746/
• https://www.zerodayinitiative.com/advisories/ZDI-21-745/
• https://www.zerodayinitiative.com/advisories/ZDI-21-744/
• https://www.zerodayinitiative.com/advisories/ZDI-21-743/
• https://www.zerodayinitiative.com/advisories/ZDI-21-735/
• https://www.zerodayinitiative.com/advisories/ZDI-21-733/
• https://www.zerodayinitiative.com/advisories/ZDI-21-725/
• https://www.zerodayinitiative.com/advisories/ZDI-21-715/
• https://www.zerodayinitiative.com/advisories/ZDI-21-1143/
• https://www.zerodayinitiative.com/advisories/ZDI-21-1142/
• https://www.zerodayinitiative.com/advisories/ZDI-21-1141/
• https://www.zerodayinitiative.com/advisories/ZDI-21-1138/
• https://www.zerodayinitiative.com/advisories/ZDI-22-462/
• https://www.zerodayinitiative.com/advisories/ZDI-22-458/
• https://www.zerodayinitiative.com/advisories/ZDI-22-457/
• https://www.zerodayinitiative.com/advisories/ZDI-22-456/
• https://www.zerodayinitiative.com/advisories/ZDI-22-482/
• https://www.zerodayinitiative.com/advisories/ZDI-22-479/