Autodesk Design Review — known CVE vulnerabilities
Every CVE whose affected-product data names Autodesk Design Review, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (46)
CVE-2008-4472 — CVSS 9.3 (critical): The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56), as used in Revit Architecture 2009 SP2 and Autodesk…
CVE-2008-4471 — CVSS 9.3 (critical): Directory traversal vulnerability in the CExpressViewerControl class in the DWF Viewer ActiveX control (AdView.dll 9.0.0.96), as used in…
CVE-2022-27864 — CVSS 8.8 (high): A Double Free vulnerability allows remote attackers to execute arbitrary code through DesignReview.exe application on PDF files within…
CVE-2021-27033 — CVSS 8.1 (high): A maliciously crafted PDF file, when opened by a user in Autodesk Design Review, can trigger a Double Free vulnerability in the Autodesk…
CVE-2022-42944 — CVSS 7.8 (high): A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by…
CVE-2019-7362 — CVSS 7.8 (high): DLL preloading vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a…
CVE-2019-7363 — CVSS 7.8 (high): Use-after-free vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a…
CVE-2022-42941 — CVSS 7.8 (high): A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by…
CVE-2022-42942 — CVSS 7.8 (high): A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by…
CVE-2022-42943 — CVSS 7.8 (high): A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by…
CVE-2021-27034 — CVSS 7.8 (high): A heap-based buffer overflow could occur while parsing PICT, PCX, RCL or TIFF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011…
CVE-2021-27035 — CVSS 7.8 (high): A maliciously crafted TIFF, TIF, PICT, TGA, or DWF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be forced to read…
CVE-2021-27036 — CVSS 7.8 (high): A maliciously crafted PCX, PICT, RCL, TIF, BMP, PSD or TIFF file can be used to write beyond the allocated buffer while parsing PCX, PDF…
CVE-2021-27037 — CVSS 7.8 (high): A maliciously crafted PNG, PDF or DWF file in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be used to attempt to free an object…
CVE-2021-27038 — CVSS 7.8 (high): A Type Confusion vulnerability in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can occur when processing a maliciously crafted PDF…
CVE-2021-27039 — CVSS 7.8 (high): A maliciously crafted TIFF and PCX file can be forced to read and write beyond allocated boundaries when parsing the TIFF and PCX file for…
CVE-2021-27041 — CVSS 7.8 (high): A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be…
CVE-2021-40160 — CVSS 7.8 (high): PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This…
CVE-2021-40161 — CVSS 7.8 (high): A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7…
CVE-2021-40162 — CVSS 7.8 (high): A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries…
CVE-2021-40163 — CVSS 7.8 (high): A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing…
CVE-2021-40164 — CVSS 7.8 (high): A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute…
CVE-2021-40165 — CVSS 7.8 (high): A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer…
CVE-2021-40166 — CVSS 7.8 (high): A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed…
CVE-2021-40167 — CVSS 7.8 (high): A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by…
CVE-2022-27525 — CVSS 7.8 (high): A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by…
CVE-2022-27526 — CVSS 7.8 (high): A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This…
CVE-2022-27865 — CVSS 7.8 (high): A maliciously crafted TGA or PCX file may be used to write beyond the allocated buffer through DesignReview.exe application while parsing…
CVE-2022-27866 — CVSS 7.8 (high): A maliciously crafted TIFF file when consumed through DesignReview.exe application can be forced to read beyond allocated boundaries when…
CVE-2022-27871 — CVSS 7.8 (high): Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write…
CVE-2022-33889 — CVSS 7.8 (high): A maliciously crafted GIF or JPEG files when parsed through Autodesk Design Review 2018, and AutoCAD 2023 and 2022 could be used to write…
CVE-2022-33890 — CVSS 7.8 (high): A maliciously crafted PCT or DWF file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by…
CVE-2022-41306 — CVSS 7.8 (high): A maliciously crafted PCT file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write…
CVE-2022-41309 — CVSS 7.8 (high): A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by…
CVE-2022-41310 — CVSS 7.8 (high): A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by…
CVE-2022-42933 — CVSS 7.8 (high): A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by…
CVE-2022-42934 — CVSS 7.8 (high): A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by…
CVE-2022-42935 — CVSS 7.8 (high): A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by…
CVE-2022-42936 — CVSS 7.8 (high): A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by…
CVE-2022-42937 — CVSS 7.8 (high): A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by…
CVE-2022-42938 — CVSS 7.8 (high): A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This…
CVE-2022-42939 — CVSS 7.8 (high): A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This…
CVE-2022-42940 — CVSS 7.8 (high): A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This…
CVE-2015-8572 — CVSS 6.8 (medium): Multiple buffer overflows in Autodesk Design Review (ADR) before 2013 Hotfix 2 allow remote attackers to execute arbitrary code via crafted…
CVE-2014-9268 — CVSS 6.8 (medium): The AdView.AdViewer.1 ActiveX control in Autodesk Design Review (ADR) before 2013 Hotfix 1 allows remote attackers to execute arbitrary…
CVE-2015-8571 — CVSS 6.8 (medium): Integer overflow in Autodesk Design Review (ADR) before 2013 Hotfix 2 allows remote attackers to execute arbitrary code via a crafted…