CVE-2021-27034

{"id": "CVE-2021-27034", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2021-07-09T15:15:07.720", "references": [{"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0003", "tags": ["Vendor Advisory"], "source": "psirt@autodesk.com"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1125/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@autodesk.com"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1126/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@autodesk.com"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1127/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@autodesk.com"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1128/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@autodesk.com"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1129/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@autodesk.com"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1130/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@autodesk.com"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1131/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@autodesk.com"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1132/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "psirt@autodesk.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "A heap-based buffer overflow could occur while parsing PICT, PCX, RCL or TIFF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011. This vulnerability can be exploited to execute arbitrary code."}, {"lang": "es", "value": "Podr\u00eda producirse un desbordamiento del b\u00fafer basado en la pila mientras se analizan archivos PICT, PCX, RCL o TIFF en Autodesk Design Review 2018, 2017, 2013, 2012, 2011. Esta vulnerabilidad puede ser explotada para ejecutar c\u00f3digo arbitrario."}], "lastModified": "2021-12-08T20:23:47.513", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:autodesk:design_review:2011:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83CF6CDF-806C-4DC5-B572-C1C2BC2C25F2"}, {"criteria": "cpe:2.3:a:autodesk:design_review:2012:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A78B6F8-DF84-4E6C-A247-0F6D2F8CA679"}, {"criteria": "cpe:2.3:a:autodesk:design_review:2013:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCD2CA9B-16E1-4BE7-A4E1-A9817A503958"}, {"criteria": "cpe:2.3:a:autodesk:design_review:2017:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31F2529F-ECF0-4568-BBDC-82B396A52332"}, {"criteria": "cpe:2.3:a:autodesk:design_review:2018:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D07C55F-1D23-4E2B-AC1E-67D735F800B7"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@autodesk.com"}