Overview
- Description
- A maliciously crafted PNG, PDF or DWF file in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by remote malicious actors to execute arbitrary code.
- Source
- psirt@autodesk.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-416
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:design_review:2011:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "83CF6CDF-806C-4DC5-B572-C1C2BC2C25F2"
},
{
"criteria": "cpe:2.3:a:autodesk:design_review:2012:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2A78B6F8-DF84-4E6C-A247-0F6D2F8CA679"
},
{
"criteria": "cpe:2.3:a:autodesk:design_review:2013:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DCD2CA9B-16E1-4BE7-A4E1-A9817A503958"
},
{
"criteria": "cpe:2.3:a:autodesk:design_review:2017:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "31F2529F-ECF0-4568-BBDC-82B396A52332"
},
{
"criteria": "cpe:2.3:a:autodesk:design_review:2018:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "213232B9-A40B-436D-A66A-B65C49D59BE6"
},
{
"criteria": "cpe:2.3:a:autodesk:design_review:2018:hotfix:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2D0CF4DC-ACA5-41D0-B28E-CEB5D2C96F71"
},
{
"criteria": "cpe:2.3:a:autodesk:design_review:2018:hotfix2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "84ED1789-A17F-48F7-A152-09D2A5C59254"
}
],
"operator": "OR"
}
]
}
]