CVE-2021-27035: 
Autodesk Design Review vulnerability analysis and mitigation

CVE-2021-27035 is a vulnerability affecting Autodesk Design Review versions 2018, 2017, 2013, 2012, and 2011. The vulnerability was discovered in 2021 and involves an out-of-bounds read vulnerability when parsing various file formats including TIFF, TIF, PICT, TGA, or DWF files (Autodesk Advisory, NVD).

The vulnerability is classified as an out-of-bounds read vulnerability (CWE-787) with a CVSS v3.1 base score of 7.8 (High). The attack vector is Local (L), with Low attack complexity (L), requiring no privileges (N) but does need user interaction (R). The scope is Unchanged (U) with High impact on confidentiality, integrity, and availability (H,H,H) (NVD).

When exploited, this vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. The vulnerability allows attackers to read beyond allocated boundaries when parsing specific file formats, which could potentially expose sensitive information (ZDI Advisory, Autodesk Advisory).

Autodesk has released security updates to address this vulnerability. Users of Autodesk Design Review 2018 are recommended to install Hotfix 5. For earlier versions (2013 or earlier), users need to upgrade to version 2018 or later (Autodesk Advisory).