
Fortinet Security Researchers Discover Multiple Vulnerabilities in Autodesk Products: DWG TrueView, Navisworks & Design Review

By Kushal Arvind Shah and Yonghui Han | April 07, 2022

Towards the end of 2021, we discovered and reported multiple zero-day vulnerabilities in Autodesk products: DWG TrueView, Design Review and Navisworks. Last week (the week of March 28, 2022), Autodesk released several security patches (1, 2 & 3) which fixed them. These vulnerabilities are identified as CVE-2022-27525, CVE-2021-40167, CVE-2022-27526, CVE-2022-27527, CVE-2022-25797, CVE-2022-27523 and CVE-2022-27524. All these vulnerabilities have different root causes pertaining to the decoding of several file formats by the vulnerable Autodesk products. Due to the severity of these vulnerabilities, we suggest users apply the Autodesk patches as soon as possible.

Affected platforms: Windows
Impacted parties:

  • Users of Autodesk DWG TrueView versions 2022.1.1 and earlier, 2021.1.1 and earlier, 2020.1.4 and earlier, 2019.1.3 and earlier
  • Users of Autodesk Design Review versions 2018 Hotfix 4 and earlier
  • Users of Autodesk Navisworks versions 2022.1 and earlier, 2021.2 and earlier, 2020.3 and earlier, 2019.5 and earlier

Impact: Multiple Vulnerabilities leading to Arbitrary Code Execution or Information Disclosure.
Severity level: High

Following are some details on these vulnerabilities. More information can be found on the related Fortinet Zero Day Advisory page for each CVE.

CVE-2022-27525

This is a memory corruption vulnerability that exists in the decoding of Design Web Format (DWF) files in Autodesk Design Review. Specifically, the vulnerability is caused by a malformed DWF file, which causes an out-of-bounds memory write due to an improper bounds check.

Attackers can exploit this vulnerability to execute arbitrary code within the context of the application via a crafted DWF file.

Fortinet released IPS signature Autodesk.Design.Review.CVE-2022-27525.Memory.Corruption for this specific vulnerability to proactively protect our customers.

CVE-2021-40167

This is a memory corruption vulnerability that exists in the decoding of Design Web Format (DWF) files in Autodesk Design Review. Specifically, the vulnerability is caused by a malformed DWF file, which causes an out-of-bounds memory access due to improper bounds checking when manipulating a pointer to an allocated buffer.

A remote attacker may be able to exploit this vulnerability to leak memory within the context of the application, via a crafted DWF file.

Fortinet released IPS signature Autodesk.Design.Review.CVE-2021-40167.Memory.Corruption for this specific vulnerability to proactively protect our customers.

CVE-2022-27526

This is a memory corruption vulnerability that exists in Autodesk Design Review. Specifically, the vulnerability is caused by a malformed Truevision (TGA) file, which causes an out-of-bounds memory access due to improper bounds checking when manipulating a pointer to an allocated buffer.

A remote attacker may be able to exploit this vulnerability to leak memory within the context of the application, via a crafted TGA file.

Fortinet released IPS signature Autodesk.Design.Review.CVE-2022-27526.Memory.Corruption for this specific vulnerability to proactively protect our customers.

CVE-2022-27527

This is a memory corruption vulnerability that exists in Autodesk Navisworks. Specifically, the vulnerability is caused by a malformed PDF file, which causes an out-of-bounds memory access due to improper bounds checking when manipulating a pointer to an allocated buffer.

Attackers can exploit this vulnerability to execute arbitrary code within the context of the application via a crafted PDF file.

Fortinet released IPS signature Autodesk.Navisworks.CVE-2022-27527.Memory.Corruption for this specific vulnerability to proactively protect our customers.

CVE-2022-25797

This is a memory corruption vulnerability that exists in the decoding of AutoCAD Drawing ‘DWG’ files in Autodesk DWG TrueView. Specifically, the vulnerability is caused by a malformed DWG file, which causes an out-of-bounds memory access due to an improper bounds check.

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application, via a maliciously crafted DWG file.

Fortinet released IPS signature Autodesk.DWG.TrueView.CVE-2022-25797.Memory.Corruption for this specific vulnerability to proactively protect our customers.

CVE-2022-27523

This is a buffer over-read vulnerability that exists in the decoding of AutoCAD Drawing ‘DWG’ files in Autodesk DWG TrueView. Specifically, the vulnerability is caused by a malformed DWG file, which causes a buffer over-read due to an improper bounds check.

A remote attacker may be able to exploit this vulnerability to leak sensitive information within the context of the application via a crafted DWG file.

Fortinet released IPS signature Autodesk.DWG.TrueView.CVE-2022-27523.Memory.Corruption for this specific vulnerability to proactively protect our customers.

CVE-2022-27524

This is an out-of-bounds read vulnerability that exists in the decoding of AutoCAD Drawing ‘DWG’ files in Autodesk DWG TrueView. Specifically, the vulnerability is caused by a malformed DWG file, which causes an out-of-bounds read due to an improper bounds check.

A remote attacker may be able to exploit this vulnerability to leak sensitive information within the context of the application via a crafted DWG file.

Fortinet released IPS signature Autodesk.DWG.TrueView.CVE-2022-27524.Memory.Corruption for this specific vulnerability to proactively protect our customers.
