CVE-2022-27527

A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files. It was fixed in PDFTron earlier than 9.0.7 version in Autodesk Navisworks 2022, and 2020.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
autodeskCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
VendorProductVersion
autodesknavisworks
2019 ≤
𝑥
< 2019.6
autodesknavisworks
2020 ≤
𝑥
< 2020.4
autodesknavisworks
2021 ≤
𝑥
< 2021.3
autodesknavisworks
2022 ≤
𝑥
< 2022.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010
https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010