CVE-2021-27034: 
Autodesk Design Review vulnerability analysis and mitigation

CVE-2021-27034 is a heap-based buffer overflow vulnerability discovered in Autodesk Design Review versions 2018, 2017, 2013, 2012, and 2011. The vulnerability was disclosed on July 9, 2021, and affects the parsing functionality of multiple file formats including PICT, PCX, RCL, and TIFF files (NVD, Autodesk Advisory).

The vulnerability stems from improper validation of user-supplied data length before copying it to a fixed-length heap-based buffer during file parsing operations. It has been assigned a CVSS v3.1 base score of 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-787 (Out-of-bounds Write) (NVD, ZDI Advisory).

If successfully exploited, this vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Design Review. The impact includes potential unauthorized code execution in the context of the current process, which could lead to complete system compromise (ZDI Advisory).

Autodesk has released a security hotfix (2018 Hotfix 4) to address this vulnerability. Users of Autodesk Design Review 2018 are strongly recommended to download and install this security update. Users of version 2013 or earlier must upgrade to version 2018 or later. As a general best practice, users are advised to only open files from trusted sources (Autodesk Advisory).