A maliciously crafted TGA or PCX file may be used to write beyond the allocated buffer through DesignReview.exe application while parsing TGA and PCX files. This vulnerability may be exploited to execute arbitrary code.
References
| Link | Resource |
|---|---|
| https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0009 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
09 Aug 2022, 12:14
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:autodesk:design_review:2011:-:*:*:*:*:*:* cpe:2.3:a:autodesk:design_review:2018:-:*:*:*:*:*:* cpe:2.3:a:autodesk:design_review:2018:hotfix3:*:*:*:*:*:* cpe:2.3:a:autodesk:design_review:2018:hotfix:*:*:*:*:*:* cpe:2.3:a:autodesk:design_review:2017:-:*:*:*:*:*:* cpe:2.3:a:autodesk:design_review:2018:hotfix4:*:*:*:*:*:* cpe:2.3:a:autodesk:design_review:2018:hotfix5:*:*:*:*:*:* cpe:2.3:a:autodesk:design_review:2013:-:*:*:*:*:*:* cpe:2.3:a:autodesk:design_review:2012:-:*:*:*:*:*:* cpe:2.3:a:autodesk:design_review:2018:hotfix2:*:*:*:*:*:* |
|
| References | (MISC) https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0009 - Patch, Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
| CWE | CWE-787 |
29 Jul 2022, 20:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-07-29 20:15
Updated : 2024-02-04 22:51
NVD link : CVE-2022-27865
Mitre link : CVE-2022-27865
CVE.ORG link : CVE-2022-27865
JSON object : View
Products Affected
autodesk
- design_review
CWE
CWE-787
Out-of-bounds Write