Design Review
CVE-2019-7363
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Use-after-free vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a use-after-free vulnerability, which may result in code execution.
AnalysisAI
Use-after-free vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Technical ContextAI
This vulnerability is classified as Use After Free (CWE-416), which allows attackers to access freed memory to execute arbitrary code or crash the application. Use-after-free vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a use-after-free vulnerability, which may result in code execution. Affected products include: Autodesk Design Review.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Use smart pointers or garbage-collected languages. Set pointers to NULL after freeing. Enable memory sanitizers.
More in Design Review
View allA maliciously crafted PDF file, when opened by a user in Autodesk Design Review, can trigger a Double Free vulnerability
A Double Free vulnerability allows remote attackers to execute arbitrary code through DesignReview.exe application on PD
Multiple buffer overflows in Autodesk Design Review (ADR) before 2013 Hotfix 2 allow remote attackers to execute arbitra
A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption
A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption
A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption
A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption
A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerab
A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerab
A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerab
A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption
A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption
Same weakness CWE-416 – Use After Free
View allSame technique Use After Free
View allShare
External POC / Exploit Code
Leaving vuln.today