CVE-2021-27037 | Date: (C)2021-07-10 (M)2023-12-22 |
A maliciously crafted PNG, PDF or DWF file in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by remote malicious actors to execute arbitrary code.
CVSS Score and Metrics +CVSS Score and Metrics -CVSS V3 Severity: | CVSS V2 Severity: |
CVSS Score : 7.8 | CVSS Score : 6.8 |
Exploit Score: 1.8 | Exploit Score: 8.6 |
Impact Score: 5.9 | Impact Score: 6.4 |
|
CVSS V3 Metrics: | CVSS V2 Metrics: |
Attack Vector: LOCAL | Access Vector: NETWORK |
Attack Complexity: LOW | Access Complexity: MEDIUM |
Privileges Required: NONE | Authentication: NONE |
User Interaction: REQUIRED | Confidentiality: PARTIAL |
Scope: UNCHANGED | Integrity: PARTIAL |
Confidentiality: HIGH | Availability: PARTIAL |
Integrity: HIGH | |
Availability: HIGH | |
| |