Описание
A maliciously crafted PDF, PICT or TIFF file can be used to write beyond the allocated buffer while parsing PDF, PICT or TIFF files in Autodesk 2018, 2017, 2013, 2012, 2011. This vulnerability can be exploited to execute arbitrary code.
A maliciously crafted PDF, PICT or TIFF file can be used to write beyond the allocated buffer while parsing PDF, PICT or TIFF files in Autodesk 2018, 2017, 2013, 2012, 2011. This vulnerability can be exploited to execute arbitrary code.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2021-27036
- https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0003
- https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004
- https://www.zerodayinitiative.com/advisories/ZDI-21-1138
- https://www.zerodayinitiative.com/advisories/ZDI-21-1141
- https://www.zerodayinitiative.com/advisories/ZDI-21-1142
- https://www.zerodayinitiative.com/advisories/ZDI-21-1143
- https://www.zerodayinitiative.com/advisories/ZDI-22-456
- https://www.zerodayinitiative.com/advisories/ZDI-22-457
- https://www.zerodayinitiative.com/advisories/ZDI-22-458
- https://www.zerodayinitiative.com/advisories/ZDI-22-462
- https://www.zerodayinitiative.com/advisories/ZDI-22-479
- https://www.zerodayinitiative.com/advisories/ZDI-22-482
Связанные уязвимости
A maliciously crafted PCX, PICT, RCL, TIF, BMP, PSD or TIFF file can be used to write beyond the allocated buffer while parsing PCX, PDF, PICT, RCL, BMP, PSD or TIFF files. This vulnerability can be exploited to execute arbitrary code
Уязвимость реализации синтаксического анализа файлов формата PDF программного средства для нанесения электронных пометок Autodesk Design Review, позволяющая нарушителю выполнить произвольный код