CVE-2021-27033 (GCVE-0-2021-27033)

Vulnerability from cvelistv5 – Published: 2021-07-09 14:12 – Updated: 2026-06-19 13:33
VLAI
Title
Double Free File Parsing Vulnerability in Autodesk Design Review
Summary
A maliciously crafted PDF file, when opened by a user in Autodesk Design Review, can trigger a Double Free vulnerability in the Autodesk Design Review application. A malicious actor may leverage this vulnerability to cause memory corruption and execute arbitrary code in the context of the current process.
Severity
8.1 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CWE
Assigner
References
Impacted products
Vendor Product Version
Autodesk Design Review Affected: 2018.0.0, 2017.0.0, 2013.0.0, 2012.0.0, 2011.0.0 , < 2018.0.0 (semver)
    cpe:2.3:a:autodesk:design_review:2018:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:design_review:2017:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:design_review:2013:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:design_review:2012:*:*:*:*:*:*:*
    cpe:2.3:a:autodesk:design_review:2011:*:*:*:*:*:*:*
 Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:40:47.208Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:autodesk:design_review:2018:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:design_review:2017:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:design_review:2013:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:design_review:2012:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:design_review:2011:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Design Review",
          "vendor": "Autodesk",
          "versions": [
            {
              "lessThan": "2018.0.0",
              "status": "affected",
              "version": "2018.0.0, 2017.0.0, 2013.0.0, 2012.0.0, 2011.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted PDF file, when opened by a user in Autodesk Design Review, can trigger a Double Free vulnerability in the Autodesk Design Review application. A malicious actor may leverage this vulnerability to cause memory corruption and execute arbitrary code in the context of the current process."
            }
          ],
          "value": "A maliciously crafted PDF file, when opened by a user in Autodesk Design Review, can trigger a Double Free vulnerability in the Autodesk Design Review application. A malicious actor may leverage this vulnerability to cause memory corruption and execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-44",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-44 Overflow Binary Resource File"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-415",
              "description": "CWE-415 Double Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-19T13:33:30.640Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://www.autodesk.com/products/autodesk-access/overview"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://www.autodesk.com/support/technical/article/caas/sfdcarticles/sfdcarticles/Where-can-I-download-the-latest-update-of-AutoCAD-AutoCAD-LT-2022.html"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Double Free File Parsing Vulnerability in Autodesk Design Review",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2021-27033",
    "datePublished": "2021-07-09T14:12:16.000Z",
    "dateReserved": "2021-02-09T00:00:00.000Z",
    "dateUpdated": "2026-06-19T13:33:30.640Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2021-27033",
      "date": "2026-06-25",
      "epss": "0.03004",
      "percentile": "0.85675"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:autodesk:design_review:2011:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"83CF6CDF-806C-4DC5-B572-C1C2BC2C25F2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:autodesk:design_review:2012:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2A78B6F8-DF84-4E6C-A247-0F6D2F8CA679\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:autodesk:design_review:2013:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DCD2CA9B-16E1-4BE7-A4E1-A9817A503958\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:autodesk:design_review:2017:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31F2529F-ECF0-4568-BBDC-82B396A52332\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:autodesk:design_review:2018:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7D07C55F-1D23-4E2B-AC1E-67D735F800B7\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A Double Free vulnerability allows remote attackers to execute arbitrary code on PDF files within affected installations of Autodesk Design Review 2018, 2017, 2013, 2012, 2011. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad Double Free permite a los atacantes remotos ejecutar c\\u00f3digo arbitrario en archivos PDF dentro de las instalaciones afectadas de Autodesk Design Review 2018, 2017, 2013, 2012, 2011. Se requiere la interacci\\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\\u00e1gina maliciosa o abrir un archivo malicioso\"}]",
      "id": "CVE-2021-27033",
      "lastModified": "2024-11-21T05:57:13.067",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2021-07-09T15:15:07.537",
      "references": "[{\"url\": \"https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004\", \"source\": \"psirt@autodesk.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@autodesk.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-415\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-27033\",\"sourceIdentifier\":\"psirt@autodesk.com\",\"published\":\"2021-07-09T15:15:07.537\",\"lastModified\":\"2026-06-19T14:16:20.473\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A maliciously crafted PDF file, when opened by a user in Autodesk Design Review, can trigger a Double Free vulnerability in the Autodesk Design Review application. A malicious actor may leverage this vulnerability to cause memory corruption and execute arbitrary code in the context of the current process.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad Double Free permite a los atacantes remotos ejecutar c\u00f3digo arbitrario en archivos PDF dentro de las instalaciones afectadas de Autodesk Design Review 2018, 2017, 2013, 2012, 2011. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso\"}],\"affected\":[{\"source\":\"psirt@autodesk.com\",\"affectedData\":[{\"vendor\":\"Autodesk\",\"product\":\"Design Review\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:2.3:a:autodesk:design_review:2018:*:*:*:*:*:*:*\",\"cpe:2.3:a:autodesk:design_review:2017:*:*:*:*:*:*:*\",\"cpe:2.3:a:autodesk:design_review:2013:*:*:*:*:*:*:*\",\"cpe:2.3:a:autodesk:design_review:2012:*:*:*:*:*:*:*\",\"cpe:2.3:a:autodesk:design_review:2011:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"2018.0.0, 2017.0.0, 2013.0.0, 2012.0.0, 2011.0.0\",\"lessThan\":\"2018.0.0\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@autodesk.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"psirt@autodesk.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-415\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-415\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:design_review:2011:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83CF6CDF-806C-4DC5-B572-C1C2BC2C25F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:design_review:2012:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A78B6F8-DF84-4E6C-A247-0F6D2F8CA679\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:design_review:2013:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCD2CA9B-16E1-4BE7-A4E1-A9817A503958\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:design_review:2017:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31F2529F-ECF0-4568-BBDC-82B396A52332\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:autodesk:design_review:2018:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D07C55F-1D23-4E2B-AC1E-67D735F800B7\"}]}]}],\"references\":[{\"url\":\"https://www.autodesk.com/products/autodesk-access/overview\",\"source\":\"psirt@autodesk.com\"},{\"url\":\"https://www.autodesk.com/support/technical/article/caas/sfdcarticles/sfdcarticles/Where-can-I-download-the-latest-update-of-AutoCAD-AutoCAD-LT-2022.html\",\"source\":\"psirt@autodesk.com\"},{\"url\":\"https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004\",\"source\":\"psirt@autodesk.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.