CVE-2022-27871

HIGH | CVSS 7.8/10 | EPSS 0.72%

Last modified

CVE-2022-27871 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron versions prior to 9.1.17 may be used to write beyond the allocated buffer while parsing PDF files. This vulnerability may be exploited to execute arbitrary code. EPSS estimates a 0.72% chance of exploitation in the next 30 days.

Description

Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron versions prior to 9.1.17 may be used to write beyond the allocated buffer while parsing PDF files. This vulnerability may be exploited to execute arbitrary code.

Metrics

CVSS 3.1
7.8/10

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Probability
0.72%

49.2th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor | Product | Versions
Autodesk | 3ds Max | 2021
Autodesk | 3ds Max | 2022
Autodesk | Advance Steel | 2019
Autodesk | Advance Steel | 2020
Autodesk | Advance Steel | 2021
Autodesk | Advance Steel | 2022
Autodesk | Autocad | 2019
Autodesk | Autocad | 2020
Autodesk | Autocad | 2021
Autodesk | Autocad | 2022
Autodesk | Autocad Architecture | 2019
Autodesk | Autocad Architecture | 2020
Autodesk | Autocad Architecture | 2021
Autodesk | Autocad Architecture | 2022
Autodesk | Autocad Civil 3d | 2019
Autodesk | Autocad Civil 3d | 2020
Autodesk | Autocad Civil 3d | 2021
Autodesk | Autocad Civil 3d | 2022
Autodesk | Autocad Electrical | 2019
Autodesk | Autocad Electrical | 2020
Autodesk | Autocad Electrical | 2021
Autodesk | Autocad Electrical | 2022
Autodesk | Autocad Lt | 2019
Autodesk | Autocad Lt | 2020
Autodesk | Autocad Lt | 2021
Autodesk | Autocad Lt | 2022
Autodesk | Autocad Map 3d | 2019
Autodesk | Autocad Map 3d | 2020
Autodesk | Autocad Map 3d | 2021
Autodesk | Autocad Map 3d | 2022
Autodesk | Autocad Mechanical | 2019
Autodesk | Autocad Mechanical | 2020
Autodesk | Autocad Mechanical | 2021
Autodesk | Autocad Mechanical | 2022
Autodesk | Autocad Mep | 2019
Autodesk | Autocad Mep | 2020
Autodesk | Autocad Mep | 2021
Autodesk | Autocad Mep | 2022
Autodesk | Autocad Plant 3d | 2019
Autodesk | Autocad Plant 3d | 2020
Autodesk | Autocad Plant 3d | 2021
Autodesk | Autocad Plant 3d | 2022
Autodesk | Design Review | 2018
Autodesk | Navisworks | 2019
Autodesk | Navisworks | 2020
Autodesk | Navisworks | 2022
Autodesk | Revit | 2020
Autodesk | Revit | 2021
Autodesk | Revit | 2022

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2022-27871?
Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron versions prior to 9.1.17 may be used to write beyond the allocated buffer while parsing PDF files. This vulnerability may be exploited to execute arbitrary code.
How severe is CVE-2022-27871?
CVE-2022-27871 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.72% probability of exploitation in the next 30 days.
How do I fix CVE-2022-27871?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST