An attacker may leverage this issue to install a backdoor on the targeted system, steal sensitive information, or perform any other actions that may be beneficial to the attacker. TIF, PICT, TGA, or RLC files are frequently used in various software applications, including Autodesk products. These files are opened by various software components, such as, color management, photo editing, and animation. Due to the fact that these files may contain malicious code, it is important to maintain a high level of vigilance in order to protect your system from vulnerabilities.

Overview:

A vulnerability has been discovered in Autodesk products that could allow an attacker to gain undesired access to a system. This issue was found in the TIF, PICT, TGA, and RLC files which are frequently opened by various software components in Autodesk products. Due to the fact that these files may contain malicious code, it is important for systems to be kept up-to-date with patch releases.
The vulnerability resides in the way that Autodesk products handle TIF, PICT, TGA, and RLC file parsing. By issuing a specially crafted command line argument, an attacker could cause a memory corruption error when parsing these files. As a result of this memory corruption error, the vulnerable program would fail to function properly and provide unauthorized access to the system's data.

Vulnerability Overview:

A vulnerability in Autodesk products gives an attacker the ability to install a backdoor on targeted systems and perform any other actions that may be beneficial to the attacker.

Tips to protect your system from attack with TIFF file

The TIFF file format is a popular and widely-used file format for storing high-quality images. However, the TIFF file format does not require a specific type of image to be embedded in the file and may contain malicious code. So, remember that just because a file is coming from an external source doesn't always mean it's safe.
- Always scan all files you download before installing them on your system
- Make sure your antivirus software remains up to date
- Turn off automatic downloads for files delivered in email attachments or URL links
- Scan all downloaded files using an application designed specifically for detecting malicious code (such as Malwarebytes)

How do I know if my version is vulnerable?

If you are using Autodesk products on your machine and have not installed the latest version of the software, it is possible that your version is vulnerable. The easiest way to determine if this is the case would be to check the release notes. For more information on which versions are vulnerable, please review this article:https://www.autodesk.com/…/how-to-find-if-a-version-of-autodesk-products-is-vulnerable
It's a good idea to install the latest version of your software as soon as possible in order to avoid new vulnerabilities from being introduced into the system.

Timeline

Published on: 10/07/2022 18:15:00 UTC
Last modified on: 10/11/2022 17:06:00 UTC

References