CVE-2021-27029: 
Autodesk FBX Review vulnerability analysis and mitigation

A Null Pointer Dereference vulnerability (CVE-2021-27029) was discovered in Autodesk FBX Review version 1.5.0 and prior versions. The vulnerability was disclosed on April 19, 2021, affecting the FBX Review application (Vendor Advisory, ZDI Advisory).

The vulnerability exists within the parsing of FBX files and results from the lack of proper validation of user-supplied values prior to dereferencing them as pointers. The issue has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. The vulnerability is classified as CWE-476 (NULL Pointer Dereference) (NVD).

When successfully exploited, this vulnerability can cause the application to crash, leading to a denial of service condition. The attack requires user interaction as the target must open a malicious FBX file (ZDI Advisory).

Autodesk has released version 1.5.2 to address this vulnerability. Users of affected versions (1.4.1.0 and 1.5.0) are recommended to apply the available hotfix via the Autodesk Desktop App or the Accounts Portal. Users of previous versions that no longer qualify for full support should upgrade to a supported version as soon as possible (Vendor Advisory).