CVE-2021-27033: 
Autodesk Design Review vulnerability analysis and mitigation

A Double Free vulnerability (CVE-2021-27033) was discovered in Autodesk Design Review versions 2018, 2017, 2013, 2012, and 2011. The vulnerability was reported on February 9, 2021, and allows remote attackers to execute arbitrary code when processing PDF files. User interaction is required to exploit this vulnerability, as the target must visit a malicious page or open a malicious file (Autodesk Advisory).

The vulnerability exists within the parsing of PDF files. The specific flaw results from the lack of validating the existence of an object prior to performing further free operations on the object. The vulnerability has been assigned a CVSS score of 7.8 (High) with the following vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (ZDI Advisory).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code in the context of the current process. The high CVSS score indicates that the vulnerability could have significant impacts on the confidentiality, integrity, and availability of the affected system (ZDI Advisory).

Autodesk has released security updates to address this vulnerability. Users of Autodesk Design Review 2018 and earlier versions are strongly recommended to download and install the security hotfix available via the Autodesk Knowledge Network. Customers using Design Review 2013 or earlier versions need to upgrade to version 2018 or later (Autodesk Advisory).