CVE-2021-27033
8.1 HIGH
A maliciously crafted PDF file, when opened by a user in Autodesk Design Review, can trigger a Double Free vulnerability in the Autodesk ...
Published: 2021-07-09 · Last updated: 2026-06-19
Severity and scoring
- CVSS: 8.1 HIGH
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
- CWE: CWE-415
Affected products
| Vendor | Product |
|---|---|
| autodesk | design_review |
Description
A maliciously crafted PDF file, when opened by a user in Autodesk Design Review, can trigger a Double Free vulnerability in the Autodesk Design Review application. A malicious actor may leverage this vulnerability to cause memory corruption and execute arbitrary code in the context of the current process.
Source: NVD
References
- NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-27033
- Other: https://www.autodesk.com/products/autodesk-access/overview
- Other: https://www.autodesk.com/support/technical/article/caas/sfdcarticles/sfdcarticles/Where-can-I-download-the-latest-update-of-AutoCAD-AutoCAD-LT-2022.html
- Vendor advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004
Related CVEs
Same vendor
- CVE-2026-7454 — A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability (7.8 HIGH)
- CVE-2026-7453 — A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can cause a Stack Exhaustion vulnerability, leading to a denial-of-... (5.5 MEDIUM)
- CVE-2026-7452 — A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability (7.8 HIGH)
- CVE-2026-7451 — A maliciously crafted TIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability (7.8 HIGH)
- CVE-2026-7450 — A maliciously crafted PAR file, when parsed through Autodesk 3ds Max, can force a NULL Pointer Dereference vulnerability (5.5 MEDIUM)
Same CWE
- CVE-2026-12043 — Improper handling of HPACK dynamic table size updates in the AWS Common Runtime aws-c-http library might allow a remote threat actor oper... (8.8 HIGH)
- CVE-2026-46690 — unbounded_spsc is an "unbounded" extension of bounded_spsc_queue (5.8 MEDIUM)
- CVE-2026-35188 — Issue summary: A malicious server can exploit TLS OCSP stapling by delivering a crafted response through the status_request extension, tr... (5.0 MEDIUM)
- CVE-2026-45324 — Rizin is a UNIX-like reverse engineering framework and command-line toolset (3.3 LOW)
- CVE-2026-44422 — FreeRDP is a free implementation of the Remote Desktop Protocol (7.5 HIGH)