Description
A maliciously crafted PDF file, when opened by a user in Autodesk Design Review, can trigger a Double Free vulnerability in the Autodesk Design Review application. A malicious actor may leverage this vulnerability to cause memory corruption and execute arbitrary code in the context of the current process.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None
Affected products
- autodesk / design_review2018 – 2018
- autodesk / design_review2017 – 2017
- autodesk / design_review2013 – 2013
- autodesk / design_review2012 – 2012
- autodesk / design_review2011 – 2011
References
- MISChttps://www.autodesk.com/products/autodesk-access/overview
- MISChttps://www.autodesk.com/support/technical/article/caas/sfdcarticles/sfdcarticles/Where-can-I-download-the-latest-update-of-AutoCAD-AutoCAD-LT-2022.html
- VENDOR_ADVISORYhttps://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004