CVE-2021-27040 : A maliciously crafted DWG file can be forced to read beyond allocated boundaries

A maliciously crafted DWG file can be forced to read beyond allocated boundaries when parsing the DWG file. This vulnerability can be exploited to execute arbitrary code.

Published 2021-06-25 13:15:08

Updated 2022-05-13 17:31:43

Source Autodesk

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2021-27040

Autodesk » Autocad
Versions from including (>=) 2022 and before (<) 2022.0.1
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad
Versions from including (>=) 2019 and before (<) 2019.1.3
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad
Versions from including (>=) 2020 and before (<) 2020.1.4
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad
Versions from including (>=) 2021 and before (<) 2021.1.1
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Electrical
Versions from including (>=) 2022 and before (<) 2022.0.1
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Electrical
Versions from including (>=) 2021 and before (<) 2021.1.1
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Electrical
Versions from including (>=) 2020 and before (<) 2020.1.4
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Electrical
Versions from including (>=) 2019 and before (<) 2019.1.3
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Lt
Versions from including (>=) 2022 and before (<) 2022.0.1
cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Lt
Versions from including (>=) 2020 and before (<) 2020.1.4
cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Lt
Versions from including (>=) 2021 and before (<) 2021.1.1
cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Lt
Versions from including (>=) 2019 and before (<) 2019.1.3
cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Mechanical
Versions from including (>=) 2021 and before (<) 2021.1.1
cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Mechanical
Versions from including (>=) 2022 and before (<) 2022.0.1
cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Mechanical
Versions from including (>=) 2020 and before (<) 2020.1.4
cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Mechanical
Versions from including (>=) 2019 and before (<) 2019.1.3
cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Map 3d
Versions from including (>=) 2019 and before (<) 2019.1.3
cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Map 3d
Versions from including (>=) 2020 and before (<) 2020.1.4
cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Map 3d
Versions from including (>=) 2021 and before (<) 2021.1.1
cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Map 3d
Versions from including (>=) 2022 and before (<) 2022.0.1
cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Mep
Versions from including (>=) 2019 and before (<) 2019.1.3
cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Mep
Versions from including (>=) 2021 and before (<) 2021.1.1
cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Mep
Versions from including (>=) 2022 and before (<) 2022.0.1
cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Mep
Versions from including (>=) 2020 and before (<) 2020.1.4
cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Plant 3d
Versions from including (>=) 2021 and before (<) 2021.1.1
cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Plant 3d
Versions from including (>=) 2022 and before (<) 2022.0.1
cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Plant 3d
Versions from including (>=) 2020 and before (<) 2020.1.4
cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Plant 3d
Versions from including (>=) 2019 and before (<) 2019.1.3
cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Dwg Trueview
Versions from including (>=) 2022 and before (<) 2022.1.1
cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Architecture
Versions from including (>=) 2019 and before (<) 2019.1.3
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Architecture
Versions from including (>=) 2021 and before (<) 2021.1.1
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Architecture
Versions from including (>=) 2022 and up to, including, (<=) 2022.0.1
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Autocad Architecture
Versions from including (>=) 2020 and before (<) 2020.1.4
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Advance Steel
Versions from including (>=) 2019 and before (<) 2019.1.3
cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Advance Steel
Versions from including (>=) 2021 and before (<) 2021.1.1
cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Advance Steel
Versions from including (>=) 2022 and before (<) 2022.0.1
cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Advance Steel
Versions from including (>=) 2020 and before (<) 2020.1.4
cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Civil 3d
Versions from including (>=) 2021 and before (<) 2021.1.1
cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Civil 3d
Versions from including (>=) 2022 and before (<) 2022.0.1
cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Civil 3d
Versions from including (>=) 2019 and before (<) 2019.1.3
cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*
Matching versions
Autodesk » Civil 3d
Versions from including (>=) 2020 and before (<) 2020.1.4
cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*
Matching versions
Iconics » Genesis64
Versions up to, including, (<=) 10.97
cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*
Matching versions
Mitsubishielectric » Mc Works64
Versions up to, including, (<=) 4.04e
cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-27040

EPSS FAQ

0.33%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 55 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-27040

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
3.3	LOW	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N	1.8	1.4	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

CWE ids for CVE-2021-27040

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-27040

https://www.zerodayinitiative.com/advisories/ZDI-22-473/

ZDI-22-473 | Zero Day Initiative
Third Party Advisory;VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-21-1236/

ZDI-21-1236 | Zero Day Initiative
Third Party Advisory;VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-22-378/

ZDI-22-378 | Zero Day Initiative
Third Party Advisory;VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-21-1238/

ZDI-21-1238 | Zero Day Initiative
Third Party Advisory;VDB Entry
https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004

Security Advisories | Autodesk Trust Center
Vendor Advisory

Jump to

Vulnerability Details : CVE-2021-27040

Products affected by CVE-2021-27040

Exploit prediction scoring system (EPSS) score for CVE-2021-27040

CVSS scores for CVE-2021-27040

CWE ids for CVE-2021-27040

References for CVE-2021-27040