CVE-2021-27033

Double Free

Published: Jul 09, 2021 | Modified: Jul 01, 2022
CVSS 3.x: 7.8 HIGH
Source: NVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x: 6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P

A Double Free vulnerability allows remote attackers to execute arbitrary code on PDF files within affected installations of Autodesk Design Review 2018, 2017, 2013, 2012, 2011. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Weakness

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Affected Software

Name            Vendor      Start Version   End Version
Design_review   Autodesk    2013            2013
Design_review   Autodesk    2012            2012
Design_review   Autodesk    2018            2018
Design_review   Autodesk    2011            2011
Design_review   Autodesk    2017            2017
