CVE-2022-27871

high-risk
Published 2022-06-21

Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. This vulnerability may be exploited to execute arbitrary code.

Do I need to act?

-
0.37% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (20)

3Ds Max
3Ds Max

Affected Vendors

Autodesk

References (2)

Vendor Advisory https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0011
Vendor Advisory https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0011
51
/ 100
high-risk
Severity 24/34 · High
Exploitability 1/34 · Minimal
Exposure 26/34 · High