A Double Free vulnerability allows remote attackers to execute arbitrary code through DesignReview.exe application on PDF files within affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Weakness
The product calls free() twice on the same memory address.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Design_review | Autodesk | 2011 (including) | 2011 (including) |
| Design_review | Autodesk | 2012 (including) | 2012 (including) |
| Design_review | Autodesk | 2013 (including) | 2013 (including) |
| Design_review | Autodesk | 2017 (including) | 2017 (including) |
| Design_review | Autodesk | 2018 (including) | 2018 (including) |
| Design_review | Autodesk | 2018-hotfix (including) | 2018-hotfix (including) |
| Design_review | Autodesk | 2018-hotfix2 (including) | 2018-hotfix2 (including) |
| Design_review | Autodesk | 2018-hotfix3 (including) | 2018-hotfix3 (including) |
| Design_review | Autodesk | 2018-hotfix4 (including) | 2018-hotfix4 (including) |
| Design_review | Autodesk | 2018-hotfix5 (including) | 2018-hotfix5 (including) |