CVE-2022-27865

A maliciously crafted TGA or PCX file may be used to write beyond the allocated buffer through DesignReview.exe application while parsing TGA and PCX files. This vulnerability may be exploited to execute arbitrary code.

Published: Jul 29, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-27865
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
autodesk / design_review	2018-hotfix	2018-hotfix.x
autodesk / design_review	2018-hotfix2	2018-hotfix2.x
autodesk / design_review	2018-hotfix3	2018-hotfix3.x
autodesk / design_review	2018-hotfix4	2018-hotfix4.x
autodesk / design_review	2018	2018.x
autodesk / design_review	2018-hotfix5	2018-hotfix5.x
autodesk / design_review	2017	2017.x
autodesk / design_review	2013	2013.x
autodesk / design_review	2012	2012.x
autodesk / design_review	2011	2011.x

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0009

Vulnerability Database

289,784

CVE-2022-27865