CVE-2022-27865: 
Autodesk Design Review vulnerability analysis and mitigation

CVE-2022-27865 is a buffer overflow vulnerability discovered in Autodesk Design Review's TGA and PCX file parsing functionality. The vulnerability was disclosed on July 29, 2022, affecting multiple versions of Autodesk Design Review including 2011, 2012, 2013, 2017, and 2018 (NVD, Autodesk Advisory).

The vulnerability is classified as an out-of-bounds write vulnerability (CWE-787) that occurs when parsing TGA and PCX files through the DesignReview.exe application. It has received a CVSS v3.1 base score of 7.8 (HIGH), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access, low attack complexity, no privileges required, and user interaction required (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code on the affected system. The high CVSS score reflects the potential for complete compromise of system confidentiality, integrity, and availability (Autodesk Advisory).

Autodesk has released a security hotfix (Hotfix 6 Update) for Design Review 2018. Users of affected versions (2018 and earlier) are strongly recommended to download and install this security update. Users of Design Review 2013 or earlier versions must upgrade to version 2018 or later (Autodesk Advisory).