CVE-2021-27039: 
Autodesk Design Review vulnerability analysis and mitigation

A maliciously crafted TIFF and PCX file vulnerability (CVE-2021-27039) was discovered in Autodesk Design Review software. The vulnerability affects multiple versions including Design Review 2018, 2017, 2013, 2012, and 2011. When parsing TIFF and PCX files, the software can be forced to read and write beyond allocated boundaries, potentially leading to arbitrary code execution (Autodesk Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The issue stems from improper boundary checking during TIFF and PCX file parsing operations, resulting in out-of-bounds read and write capabilities. The vulnerability is classified as CWE-787 (Out-of-bounds Write) (NVD).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code in the context of the current process. The high CVSS score indicates potential severe impacts on system confidentiality, integrity, and availability (ZDI Advisory).

Autodesk has released updates to address this vulnerability. Users of Autodesk Design Review 2018 are advised to install Hotfix 5. For Design Review 2013 or earlier versions, users need to upgrade to version 2018 or later. The fixes are available through the Autodesk Knowledge Network (Autodesk Advisory).