CVE-2022-27866

A maliciously crafted TIFF file when consumed through DesignReview.exe application can be forced to read beyond allocated boundaries when parsing the TIFF file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Published: Jul 29, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-27866
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWEs:

CWE-125

Affected Software
References

Software	From	Fixed in
autodesk / design_review	2018-hotfix	2018-hotfix.x
autodesk / design_review	2018-hotfix2	2018-hotfix2.x
autodesk / design_review	2018-hotfix3	2018-hotfix3.x
autodesk / design_review	2018-hotfix4	2018-hotfix4.x
autodesk / design_review	2018	2018.x
autodesk / design_review	2018-hotfix5	2018-hotfix5.x
autodesk / design_review	2017	2017.x
autodesk / design_review	2013	2013.x
autodesk / design_review	2012	2012.x
autodesk / design_review	2011	2011.x

https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0009

Vulnerability Database

289,697

CVE-2022-27866