cvelistv5 - cve-2021-27034

CVE-2021-27034 (GCVE-0-2021-27034)

Vulnerability from cvelistv5

Published

2021-07-09 14:16

Modified

2024-08-03 20:40

Severity ?

CWE

Heap Overflow Vulnerability

Summary

A heap-based buffer overflow could occur while parsing PICT, PCX, RCL or TIFF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011. This vulnerability can be exploited to execute arbitrary code.

References

►

URL

Tags

psirt@autodesk.com	https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0003	Vendor Advisory
psirt@autodesk.com	https://www.zerodayinitiative.com/advisories/ZDI-21-1125/	Third Party Advisory, VDB Entry
psirt@autodesk.com	https://www.zerodayinitiative.com/advisories/ZDI-21-1126/	Third Party Advisory, VDB Entry
psirt@autodesk.com	https://www.zerodayinitiative.com/advisories/ZDI-21-1127/	Third Party Advisory, VDB Entry
psirt@autodesk.com	https://www.zerodayinitiative.com/advisories/ZDI-21-1128/	Third Party Advisory, VDB Entry
psirt@autodesk.com	https://www.zerodayinitiative.com/advisories/ZDI-21-1129/	Third Party Advisory, VDB Entry
psirt@autodesk.com	https://www.zerodayinitiative.com/advisories/ZDI-21-1130/	Third Party Advisory, VDB Entry
psirt@autodesk.com	https://www.zerodayinitiative.com/advisories/ZDI-21-1131/	Third Party Advisory, VDB Entry
psirt@autodesk.com	https://www.zerodayinitiative.com/advisories/ZDI-21-1132/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0003	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-21-1125/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-21-1126/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-21-1127/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-21-1128/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-21-1129/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-21-1130/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-21-1131/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-21-1132/	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	n/a	Autodesk Design Review	Version: 2018, 2017, 2013, 2012, 2011

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:40:47.208Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0003"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1127/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1132/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1125/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1126/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1128/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1129/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1130/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1131/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk Design Review",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2018,\u00a02017,\u00a02013, 2012, 2011"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A heap-based buffer overflow could occur while parsing PICT, PCX, RCL or TIFF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011. This vulnerability can be exploited to execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Heap Overflow Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-09T13:25:05",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0003"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1127/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1132/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1125/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1126/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1128/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1129/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1130/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1131/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@autodesk.com",
          "ID": "CVE-2021-27034",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Autodesk Design Review",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018,\u00a02017,\u00a02013, 2012, 2011"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A heap-based buffer overflow could occur while parsing PICT, PCX, RCL or TIFF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011. This vulnerability can be exploited to execute arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Heap Overflow Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0003",
              "refsource": "MISC",
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0003"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1127/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1127/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1132/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1132/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1125/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1125/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1126/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1126/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1128/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1128/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1129/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1129/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1130/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1130/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1131/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1131/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2021-27034",
    "datePublished": "2021-07-09T14:16:05",
    "dateReserved": "2021-02-09T00:00:00",
    "dateUpdated": "2024-08-03T20:40:47.208Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-27034\",\"sourceIdentifier\":\"psirt@autodesk.com\",\"published\":\"2021-07-09T15:15:07.720\",\"lastModified\":\"2024-11-21T05:57:13.180\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A heap-based buffer overflow could occur while parsing PICT, PCX, RCL or TIFF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011. This vulnerability can be exploited to execute arbitrary code.\"},{\"lang\":\"es\",\"value\":\"Podr\u00eda producirse un desbordamiento del b\u00fafer basado en la pila mientras se analizan archivos PICT, PCX, RCL o TIFF en Autodesk Design Review 2018, 2017, 2013, 2012, 2011. Esta vulnerabilidad puede ser explotada para ejecutar c\u00f3digo arbitrario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:design_review:2011:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83CF6CDF-806C-4DC5-B572-C1C2BC2C25F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:design_review:2012:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A78B6F8-DF84-4E6C-A247-0F6D2F8CA679\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:design_review:2013:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCD2CA9B-16E1-4BE7-A4E1-A9817A503958\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:design_review:2017:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31F2529F-ECF0-4568-BBDC-82B396A52332\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:design_review:2018:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D07C55F-1D23-4E2B-AC1E-67D735F800B7\"}]}]}],\"references\":[{\"url\":\"https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0003\",\"source\":\"psirt@autodesk.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-21-1125/\",\"source\":\"psirt@autodesk.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-21-1126/\",\"source\":\"psirt@autodesk.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-21-1127/\",\"source\":\"psirt@autodesk.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-21-1128/\",\"source\":\"psirt@autodesk.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-21-1129/\",\"source\":\"psirt@autodesk.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-21-1130/\",\"source\":\"psirt@autodesk.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-21-1131/\",\"source\":\"psirt@autodesk.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-21-1132/\",\"source\":\"psirt@autodesk.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0003\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-21-1125/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-21-1126/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-21-1127/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-21-1128/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-21-1129/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-21-1130/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-21-1131/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-21-1132/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

ghsa-rw8g-f8hg-gjm6

Vulnerability from github

Published

2022-05-24 19:07

Modified

2022-05-24 19:07

Details

A heap-based buffer overflow could occur while parsing PICT or TIFF files in Autodesk 2018, 2017, 2013, 2012, 2011. This vulnerability can be exploited to execute arbitrary code.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-27034"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-09T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "A heap-based buffer overflow could occur while parsing PICT or TIFF files in Autodesk 2018, 2017, 2013, 2012, 2011. This vulnerability can be exploited to execute arbitrary code.",
  "id": "GHSA-rw8g-f8hg-gjm6",
  "modified": "2022-05-24T19:07:21Z",
  "published": "2022-05-24T19:07:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27034"
    },
    {
      "type": "WEB",
      "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0003"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1125"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1126"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1127"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1128"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1129"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1130"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1131"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1132"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2021-27034

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2021-27034

Aliases

CVE-2021-27034

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-27034",
    "description": "A heap-based buffer overflow could occur while parsing PICT, PCX, RCL or TIFF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011. This vulnerability can be exploited to execute arbitrary code.",
    "id": "GSD-2021-27034"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-27034"
      ],
      "details": "A heap-based buffer overflow could occur while parsing PICT, PCX, RCL or TIFF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011. This vulnerability can be exploited to execute arbitrary code.",
      "id": "GSD-2021-27034",
      "modified": "2023-12-13T01:23:35.875835Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@autodesk.com",
        "ID": "CVE-2021-27034",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Autodesk Design Review",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "2018,\u00a02017,\u00a02013, 2012, 2011"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A heap-based buffer overflow could occur while parsing PICT, PCX, RCL or TIFF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011. This vulnerability can be exploited to execute arbitrary code."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Heap Overflow Vulnerability"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0003",
            "refsource": "MISC",
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0003"
          },
          {
            "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1127/",
            "refsource": "MISC",
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1127/"
          },
          {
            "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1132/",
            "refsource": "MISC",
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1132/"
          },
          {
            "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1125/",
            "refsource": "MISC",
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1125/"
          },
          {
            "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1126/",
            "refsource": "MISC",
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1126/"
          },
          {
            "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1128/",
            "refsource": "MISC",
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1128/"
          },
          {
            "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1129/",
            "refsource": "MISC",
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1129/"
          },
          {
            "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1130/",
            "refsource": "MISC",
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1130/"
          },
          {
            "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1131/",
            "refsource": "MISC",
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1131/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:design_review:2011:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:design_review:2012:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:design_review:2013:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:design_review:2017:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:design_review:2018:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@autodesk.com",
          "ID": "CVE-2021-27034"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A heap-based buffer overflow could occur while parsing PICT, PCX, RCL or TIFF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011. This vulnerability can be exploited to execute arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0003",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0003"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1132/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1132/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1131/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1131/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1130/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1130/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1125/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1125/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1129/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1129/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1128/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1128/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1127/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1127/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1126/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1126/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-12-08T20:23Z",
      "publishedDate": "2021-07-09T15:15Z"
    }
  }
}

fkie_cve-2021-27034

Vulnerability from fkie_nvd

Published

2021-07-09 15:15

Modified

2024-11-21 05:57

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@autodesk.com	https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0003	Vendor Advisory
psirt@autodesk.com	https://www.zerodayinitiative.com/advisories/ZDI-21-1125/	Third Party Advisory, VDB Entry
psirt@autodesk.com	https://www.zerodayinitiative.com/advisories/ZDI-21-1126/	Third Party Advisory, VDB Entry
psirt@autodesk.com	https://www.zerodayinitiative.com/advisories/ZDI-21-1127/	Third Party Advisory, VDB Entry
psirt@autodesk.com	https://www.zerodayinitiative.com/advisories/ZDI-21-1128/	Third Party Advisory, VDB Entry
psirt@autodesk.com	https://www.zerodayinitiative.com/advisories/ZDI-21-1129/	Third Party Advisory, VDB Entry
psirt@autodesk.com	https://www.zerodayinitiative.com/advisories/ZDI-21-1130/	Third Party Advisory, VDB Entry
psirt@autodesk.com	https://www.zerodayinitiative.com/advisories/ZDI-21-1131/	Third Party Advisory, VDB Entry
psirt@autodesk.com	https://www.zerodayinitiative.com/advisories/ZDI-21-1132/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0003	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-21-1125/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-21-1126/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-21-1127/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-21-1128/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-21-1129/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-21-1130/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-21-1131/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-21-1132/	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
autodesk	design_review	2011
autodesk	design_review	2012
autodesk	design_review	2013
autodesk	design_review	2017
autodesk	design_review	2018

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:autodesk:design_review:2011:*:*:*:*:*:*:*",
              "matchCriteriaId": "83CF6CDF-806C-4DC5-B572-C1C2BC2C25F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:autodesk:design_review:2012:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A78B6F8-DF84-4E6C-A247-0F6D2F8CA679",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:autodesk:design_review:2013:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCD2CA9B-16E1-4BE7-A4E1-A9817A503958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:autodesk:design_review:2017:*:*:*:*:*:*:*",
              "matchCriteriaId": "31F2529F-ECF0-4568-BBDC-82B396A52332",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:autodesk:design_review:2018:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D07C55F-1D23-4E2B-AC1E-67D735F800B7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A heap-based buffer overflow could occur while parsing PICT, PCX, RCL or TIFF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011. This vulnerability can be exploited to execute arbitrary code."
    },
    {
      "lang": "es",
      "value": "Podr\u00eda producirse un desbordamiento del b\u00fafer basado en la pila mientras se analizan archivos PICT, PCX, RCL o TIFF en Autodesk Design Review 2018, 2017, 2013, 2012, 2011. Esta vulnerabilidad puede ser explotada para ejecutar c\u00f3digo arbitrario."
    }
  ],
  "id": "CVE-2021-27034",
  "lastModified": "2024-11-21T05:57:13.180",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-09T15:15:07.720",
  "references": [
    {
      "source": "psirt@autodesk.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0003"
    },
    {
      "source": "psirt@autodesk.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1125/"
    },
    {
      "source": "psirt@autodesk.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1126/"
    },
    {
      "source": "psirt@autodesk.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1127/"
    },
    {
      "source": "psirt@autodesk.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1128/"
    },
    {
      "source": "psirt@autodesk.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1129/"
    },
    {
      "source": "psirt@autodesk.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1130/"
    },
    {
      "source": "psirt@autodesk.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1131/"
    },
    {
      "source": "psirt@autodesk.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1132/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0003"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1125/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1126/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1127/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1128/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1129/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1130/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1131/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1132/"
    }
  ],
  "sourceIdentifier": "psirt@autodesk.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2021-27034 (GCVE-0-2021-27034)

Vulnerability from cvelistv5

ghsa-rw8g-f8hg-gjm6

Vulnerability from github

gsd-2021-27034

Vulnerability from gsd

fkie_cve-2021-27034

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature