CVE-2022-27871: 
Autodesk Design Review vulnerability analysis and mitigation

A critical vulnerability identified as CVE-2022-27871 affects Autodesk AutoCAD product suite, Revit, Design Review, and Navisworks releases using PDFTron prior to version 9.1.17. The vulnerability was discovered and disclosed in March 2022, with patches released in May 2022. The issue involves a heap-based buffer overflow vulnerability that occurs while parsing PDF files (Autodesk Advisory).

The vulnerability is classified as a heap-based buffer overflow that occurs during PDF file parsing operations. It received a CVSS v3.1 score of 7.8 HIGH, indicating significant severity (NVD). The technical issue stems from improper buffer allocation and boundary checking when processing PDF files, which could lead to memory corruption (Autodesk Advisory).

If successfully exploited, this vulnerability may allow attackers to execute arbitrary code on the affected system. The vulnerability affects multiple versions of Autodesk products, including AutoCAD 2019-2022, Revit 2020-2022, Design Review 2018, and various other AutoCAD-based specialized toolsets (Autodesk Advisory).

Autodesk has released patches for affected products, including updates to version 2022.1.2 for AutoCAD products, 2022.1.2 for Revit, and 2018 Hotfix 6 for Design Review. Users are strongly recommended to apply these updates through the Autodesk Desktop App or Accounts Portal. As an additional precaution, users should only open PDF files from trusted sources (Autodesk Advisory).