Design Review
CVE-2022-27866
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A maliciously crafted TIFF file when consumed through DesignReview.exe application can be forced to read beyond allocated boundaries when parsing the TIFF file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
AnalysisAI
A maliciously crafted TIFF file when consumed through DesignReview.exe application can be forced to read beyond allocated boundaries when parsing the TIFF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. A maliciously crafted TIFF file when consumed through DesignReview.exe application can be forced to read beyond allocated boundaries when parsing the TIFF file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. Affected products include: Autodesk Design Review.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.
More in Design Review
View allA maliciously crafted PDF file, when opened by a user in Autodesk Design Review, can trigger a Double Free vulnerability
A Double Free vulnerability allows remote attackers to execute arbitrary code through DesignReview.exe application on PD
Multiple buffer overflows in Autodesk Design Review (ADR) before 2013 Hotfix 2 allow remote attackers to execute arbitra
A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption
A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption
A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption
A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption
A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerab
A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerab
A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerab
A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption
A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption
Same weakness CWE-125 – Out-of-bounds Read
View allShare
External POC / Exploit Code
Leaving vuln.today