Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-7079

Summary
Assigner-autodesk
Assigner Org ID-7e40ea87-bc65-4944-9723-dd79dd760601
Published At-17 Apr, 2020 | 17:54
Updated At-04 Aug, 2024 | 09:18
Rejected At-
Credits

An improper signature validation vulnerability in Autodesk Dynamo BIM versions 2.5.1 and 2.5.0 may lead to code execution through maliciously crafted DLL files.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:autodesk
Assigner Org ID:7e40ea87-bc65-4944-9723-dd79dd760601
Published At:17 Apr, 2020 | 17:54
Updated At:04 Aug, 2024 | 09:18
Rejected At:
▼CVE Numbering Authority (CNA)

An improper signature validation vulnerability in Autodesk Dynamo BIM versions 2.5.1 and 2.5.0 may lead to code execution through maliciously crafted DLL files.

Affected Products
Vendor
n/a
Product
Autodesk Dynamo BIM
Versions
Affected
  • 2.5.1, 2.5.0
Problem Types
TypeCWE IDDescription
textN/AImproper signature validation vulnerability
Type: text
CWE ID: N/A
Description: Improper signature validation vulnerability
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0001
x_refsource_MISC
Hyperlink: https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0001
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0001
x_refsource_MISC
x_transferred
Hyperlink: https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0001
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@autodesk.com
Published At:17 Apr, 2020 | 18:15
Updated At:23 Apr, 2020 | 13:42

An improper signature validation vulnerability in Autodesk Dynamo BIM versions 2.5.1 and 2.5.0 may lead to code execution through maliciously crafted DLL files.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.04.4MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 4.4
Base severity: MEDIUM
Vector:
AV:L/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Autodesk Inc.
autodesk
>>dynamo_bim>>2.5.0
cpe:2.3:a:autodesk:dynamo_bim:2.5.0:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>dynamo_bim>>2.5.1
cpe:2.3:a:autodesk:dynamo_bim:2.5.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-426Primarynvd@nist.gov
CWE ID: CWE-426
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0001psirt@autodesk.com
Vendor Advisory
Hyperlink: https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0001
Source: psirt@autodesk.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

392Records found
CVE-2025-5335
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.62%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 14:50
Updated-19 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Ecalation due to Untrusted Search Path Vulnerability

A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the Autodesk Installer application. Exploitation of this vulnerability may lead to code execution.

Action-Not Available
Vendor-Autodesk Inc.
Product-installerInstaller
CWE ID-CWE-426
Untrusted Search Path
CVE-2025-5039
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.69%
||
7 Day CHG~0.00%
Published-24 Jul, 2025 | 17:11
Updated-19 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Ecalation due to Untrusted Search Path Vulnerability

A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized.

Action-Not Available
Vendor-Autodesk Inc.
Product-infrastructure_parts_editorvaultinventornavisworks_managenavisworks_simulaterevitAutoCAD MechanicalAutoCAD ArchitectureAutoCAD Plant 3DCivil 3DAutoCAD ElectricalAutoCAD LTAutoCAD MEPAdvance SteelAutoCADAutoCAD MAP 3DRealDWG
CWE ID-CWE-426
Untrusted Search Path
CVE-2024-11454
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.20%
||
7 Day CHG+0.02%
Published-09 Dec, 2024 | 17:48
Updated-26 Aug, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Untrusted Search Path vulnerability in Autodesk Revit

A maliciously crafted DLL file, when placed in the same directory as an RVT file could be loaded by Autodesk Revit, and execute arbitrary code in the context of the current process due to an untrusted search patch being utilized.

Action-Not Available
Vendor-Autodesk Inc.
Product-revitRevitrevit
CWE ID-CWE-426
Untrusted Search Path
CVE-2024-7995
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.53%
||
7 Day CHG~0.00%
Published-05 Nov, 2024 | 20:06
Updated-26 Aug, 2025 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autodesk VRED Design Privilege Escalation Vulnerability

A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the VRED Design application. Exploitation of this vulnerability may lead to code execution.

Action-Not Available
Vendor-Autodesk Inc.
Product-vredVRED Designvred
CWE ID-CWE-426
Untrusted Search Path
CVE-2019-7365
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.17%
||
7 Day CHG~0.00%
Published-03 Dec, 2019 | 17:01
Updated-04 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DLL preloading vulnerability in Autodesk Desktop Application versions 7.0.16.29 and earlier. An attacker may trick a user into downloading a malicious DLL file into the working directory, which may then leverage a DLL preloading vulnerability and execute code on the system.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autodesk_desktopAutodesk Desktop Application
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-27907
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.91%
||
7 Day CHG~0.00%
Published-17 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious actor may convince a victim to open a malicious USD file that may trigger an out-of-bounds write vulnerability which may result in code execution.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-maya_usdAutodesk Maya USD Plugin
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-40157
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.76%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 14:11
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A user may be tricked into opening a malicious FBX file which may exploit an Untrusted Pointer Dereference vulnerability in FBX’s Review version 1.5.0 and prior causing it to run arbitrary code on the system.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-fbx_reviewAutodesk FBX Review
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-40163
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.44%
||
7 Day CHG~0.00%
Published-07 Oct, 2022 | 00:00
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-infrastructure_parts_editorautocad_mechanicaldesign_reviewnavisworksautocad_map_3dautocadautocad_civil_3dautocad_architectureautocad_mepautocad_advance_steelinventorstorm_and_sanitary_analysisautocad_plant_3dautocad_ltautocad_electricalinfraworksfusiondwg_trueviewrevitRevit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-40167
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.42% / 60.98%
||
7 Day CHG~0.00%
Published-25 Jan, 2022 | 19:11
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-design_reviewAutodesk® Design Review
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-40164
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.97%
||
7 Day CHG~0.00%
Published-07 Oct, 2022 | 00:00
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-infrastructure_parts_editorautocad_mechanicaldesign_reviewnavisworksautocad_map_3dautocadautocad_civil_3dautocad_architectureautocad_mepautocad_advance_steelinventorstorm_and_sanitary_analysisautocad_plant_3dautocad_ltautocad_electricalinfraworksfusiondwg_trueviewrevitRevit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-40155
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.42% / 60.98%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 16:35
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-navisworksAutodesk Navisworks
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-40161
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.87%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 18:31
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_mechanicaldesign_reviewautocad_plant_3dnavisworksautocad_map_3dadvance_steelautocadautocad_electricalautocad_ltrevitautocad_architecturecivil_3dautocad_mepRevit, Navisworks, Autodesk® Advance Steel, AutoCAD®, AutoCAD® Architecture, AutoCAD® Electrical, AutoCAD® Map 3D, AutoCAD® Mechanical, AutoCAD® MEP, AutoCAD® Plant 3D, AutoCAD® LT, Autodesk® Civil 3D, AutoCAD® Mac, AutoCAD® LT for Mac
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-40159
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.34% / 56.16%
||
7 Day CHG~0.00%
Published-25 Jan, 2022 | 00:00
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022, 2021, 2020, 2019 in conjunction with other vulnerabilities may lead to code execution through maliciously crafted JT files in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-inventorautocad_mechanicalautocad_plant_3dautocad_map_3dautocad_ltadvance_steelautocadautocad_electricalautocad_architecturecivil_3dautocad_mepInventor
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-40162
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.07%
||
7 Day CHG~0.00%
Published-07 Oct, 2022 | 00:00
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-infrastructure_parts_editorautocad_mechanicaldesign_reviewnavisworksautocad_map_3dautocadautocad_civil_3dautocad_architectureautocad_mepautocad_advance_steelinventorstorm_and_sanitary_analysisautocad_plant_3dautocad_ltautocad_electricalinfraworksfusiondwg_trueviewrevitRevit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-37005
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.83% / 73.52%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 03:13
Updated-27 Aug, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted X_B file, when parsed in pskernel.DLL through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_map_3dautocad_architectureautocad_electricalautocadautocad_mepautocad_plant_3dautocad_mechanicalcivil_3dadvance_steelAutoCAD ArchitectureAutoCADAutoCAD MAP 3DAutoCAD MEPAdvance SteelCivil 3DAutoCAD Plant 3DAutoCAD ElectricalAutoCAD Mechanical
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-37000
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.31% / 53.95%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 03:01
Updated-27 Aug, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted X_B file, when parsed in pskernel.DLL through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_map_3dautocad_architectureautocad_electricalautocadautocad_mepautocad_plant_3dautocad_mechanicalcivil_3dadvance_steelAutoCAD ArchitectureAutoCADAutoCAD MAP 3DAutoCAD MEPAdvance SteelCivil 3DAutoCAD Plant 3DAutoCAD ElectricalAutoCAD Mechanical
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-37004
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.42% / 61.32%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 03:13
Updated-27 Aug, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted SLDPRT file, when parsed in ASMKERN229A.dll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_map_3dautocad_architectureautocad_electricalautocadautocad_mepautocad_plant_3dautocad_mechanicalcivil_3dadvance_steelAutoCAD ArchitectureAutoCADAutoCAD MAP 3DAutoCAD MEPAdvance SteelCivil 3DAutoCAD Plant 3DAutoCAD ElectricalAutoCAD Mechanical
CWE ID-CWE-416
Use After Free
CVE-2024-37008
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.13%
||
7 Day CHG~0.00%
Published-21 Aug, 2024 | 10:02
Updated-26 Aug, 2025 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack-based Overflow Vulnerability in Revit Software

A maliciously crafted DWG file, when parsed in Revit, can force a stack-based buffer overflow. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-revitRevitRevit LTrevit_lt
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-37006
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.44% / 62.33%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 03:15
Updated-27 Aug, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_map_3dautocad_architectureautocad_electricalautocadautocad_mepautocad_plant_3dautocad_mechanicalcivil_3dadvance_steelAutoCAD ArchitectureAutoCADAutoCAD MAP 3DAutoCAD MEPAdvance SteelCivil 3DAutoCAD Plant 3DAutoCAD ElectricalAutoCAD Mechanical
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-37007
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.67% / 70.46%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 03:35
Updated-27 Aug, 2025 | 21:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products

A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-civil_3dautocadautocad_mechanicaladvance_steelautocad_electricalautocad_plant_3dautocad_architectureautocad_mepautocad_map_3dAutoCAD ArchitectureAutoCADAutoCAD MAP 3DAutoCAD MEPAdvance SteelCivil 3DAutoCAD Plant 3DAutoCAD ElectricalAutoCAD Mechanical
CWE ID-CWE-416
Use After Free
CVE-2024-37003
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.24% / 47.37%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 03:12
Updated-27 Aug, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted DWG and SLDPRT file, when parsed in opennurbs.dll and ODXSW_DLL.dll through Autodesk applications, can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_map_3dautocad_architectureautocad_electricalautocadautocad_mepautocad_plant_3dautocad_mechanicalcivil_3dadvance_steelAutoCAD ArchitectureAutoCADAutoCAD MAP 3DAutoCAD MEPAdvance SteelCivil 3DAutoCAD Plant 3DAutoCAD ElectricalAutoCAD Mechanical
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-36999
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.33% / 55.34%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 03:33
Updated-27 Aug, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products

A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_map_3dautocad_architectureautocad_electricalautocadautocad_mepautocad_plant_3dautocad_mechanicalcivil_3dadvance_steelAutoCAD ArchitectureAutoCADAutoCAD MAP 3DAutoCAD MEPAdvance SteelCivil 3DAutoCAD Plant 3DAutoCAD ElectricalAutoCAD Mechanical
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-37002
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.13% / 33.58%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 03:07
Updated-27 Aug, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted MODEL file, when parsed in ASMkern229A.dllthrough Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_map_3dautocad_architectureautocad_electricalautocadautocad_mepautocad_plant_3dautocad_mechanicalcivil_3dadvance_steelAutoCAD ArchitectureAutoCADAutoCAD MAP 3DAutoCAD MEPAdvance SteelCivil 3DAutoCAD Plant 3DAutoCAD ElectricalAutoCAD Mechanical
CWE ID-CWE-457
Use of Uninitialized Variable
CVE-2024-37001
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.34% / 56.34%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 03:03
Updated-27 Aug, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_map_3dautocad_architectureautocad_electricalautocadautocad_mepautocad_plant_3dautocad_mechanicalcivil_3dadvance_steelAutoCAD ArchitectureAutoCADAutoCAD MAP 3DAutoCAD MEPAdvance SteelCivil 3DAutoCAD Plant 3DAutoCAD ElectricalAutoCAD Mechanical
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-27872
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.42% / 60.98%
||
7 Day CHG~0.00%
Published-21 Jun, 2022 | 14:23
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted PDF file may be used to dereference a pointer for read or write operation while parsing PDF files in Autodesk Navisworks 2022. The vulnerability exists because the application fails to handle a crafted PDF file, which causes an unhandled exception. An attacker can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-navisworksNavisworks
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2021-27034
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.67% / 70.32%
||
7 Day CHG~0.00%
Published-09 Jul, 2021 | 14:16
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow could occur while parsing PICT, PCX, RCL or TIFF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011. This vulnerability can be exploited to execute arbitrary code.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-design_reviewAutodesk Design Review
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23143
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.20% / 42.30%
||
7 Day CHG-0.31%
Published-25 Jun, 2024 | 02:05
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted 3DM, MODEL and X_B file, when parsed in ASMkern229A.dll and ASMBASE229A.dll through Autodesk applications, can force an Out-of-Bound Read and/or Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architectureautocad_mechanicalcivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3d
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23142
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.24% / 46.45%
||
7 Day CHG-0.36%
Published-25 Jun, 2024 | 01:24
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted CATPART, STP, and MODEL file, when parsed in atf_dwg_consumer.dll, rose_x64_vc15.dll and libodxdll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3d
CWE ID-CWE-416
Use After Free
CVE-2024-23146
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.26% / 49.29%
||
7 Day CHG-0.40%
Published-25 Jun, 2024 | 02:28
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dcivil_3dadvance_steelautocad
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23150
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.81%
||
7 Day CHG-0.15%
Published-25 Jun, 2024 | 03:17
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products

A maliciously crafted PRT file, when parsed in odxug_dll.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3d
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23159
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.57% / 67.65%
||
7 Day CHG-0.87%
Published-25 Jun, 2024 | 03:33
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products

A maliciously crafted STP file, when parsed in stp_aim_x64_vc15d.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3d
CWE ID-CWE-457
Use of Uninitialized Variable
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2024-23152
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.42% / 60.85%
||
7 Day CHG+0.09%
Published-25 Jun, 2024 | 03:25
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products

A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3D
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-23155
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.14% / 35.22%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 03:28
Updated-26 Aug, 2025 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products

A maliciously crafted MODEL file, when parsed in atf_asm_interface.dll through Autodesk applications, can be used to cause a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-civil_3dautocadautocad_mechanicaladvance_steelautocad_electricalautocad_plant_3dautocad_architectureautocad_mepautocad_map_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocad_civil_3dautocad_advance_steel
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23149
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.31% / 53.41%
||
7 Day CHG-0.01%
Published-25 Jun, 2024 | 02:43
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted SLDDRW file, when parsed in ODXSW_DLL.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3D
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-23153
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.31% / 53.43%
||
7 Day CHG-0.47%
Published-25 Jun, 2024 | 03:26
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products

A maliciously crafted MODEL file, when parsed in libodx.dll through Autodesk applications, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3d
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-23144
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.24% / 46.33%
||
7 Day CHG-0.36%
Published-25 Jun, 2024 | 02:10
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dcivil_3dadvance_steelautocad
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23151
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.24% / 46.33%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 03:24
Updated-26 Aug, 2025 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products

A maliciously crafted 3DM file, when parsed in ASMkern229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-civil_3dautocadautocad_mechanicaladvance_steelautocad_electricalautocad_plant_3dautocad_architectureautocad_mepautocad_map_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dcivil_3dadvance_steelautocad
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23139
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.63%
||
7 Day CHG~0.00%
Published-17 Mar, 2024 | 23:58
Updated-26 Aug, 2025 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ActionScript Byte Code “ABC” Vulnerability in the Autodesk FBX Review software

A maliciously crafted ABC file, when parsed through Autodesk FBX, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-fbx_reviewFBX Reviewfbx_review
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23148
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.24% / 46.33%
||
7 Day CHG-0.36%
Published-25 Jun, 2024 | 02:42
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dcivil_3dadvance_steelautocad
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23140
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.27% / 50.32%
||
7 Day CHG-0.42%
Published-25 Jun, 2024 | 01:01
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted 3DM and MODEL file, when parsed in opennurbs.dll and atf_api.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3d
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-23126
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.45%
||
7 Day CHG-0.19%
Published-22 Feb, 2024 | 02:25
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted CATPART file when parsed CC5Dll.dll through Autodesk applications can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architectureautocad_mechanicalcivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocad_civil_3dautocadautocad_advance_steel
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23128
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.27% / 50.42%
||
7 Day CHG-0.42%
Published-22 Feb, 2024 | 03:18
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted MODEL file, when parsed in libodxdll.dll and ASMDATAX229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architectureautocad_mechanicalcivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocad_civil_3dautocadautocad_advance_steel
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-23124
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.36% / 57.54%
||
7 Day CHG-0.55%
Published-22 Feb, 2024 | 02:14
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted STP file, when parsed in ASMIMPORT228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architectureautocad_mechanicalcivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocad_civil_3dautocadautocad_advance_steel
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23136
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.38%
||
7 Day CHG-0.57%
Published-22 Feb, 2024 | 04:48
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted STP file in ASMKERN228A.dll when parsed through Autodesk applications can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architectureautocad_mechanicalcivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocad_civil_3dautocadautocad_advance_steel
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2024-23135
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.69% / 70.75%
||
7 Day CHG-1.04%
Published-22 Feb, 2024 | 04:34
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted SLDPRT file in ASMkern228A.dll when parsed through Autodesk applications can be used in user-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architectureautocad_mechanicalcivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocad_civil_3dautocadautocad_advance_steel
CWE ID-CWE-416
Use After Free
CVE-2024-23127
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.27% / 50.42%
||
7 Day CHG-0.42%
Published-22 Feb, 2024 | 02:59
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted MODEL, SLDPRT, or SLDASM file, when parsed in ODXSW_DLL.dll and libodxdll.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architectureautocad_mechanicalcivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocad_civil_3dautocadautocad_advance_steel
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23122
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.37% / 58.09%
||
7 Day CHG-0.57%
Published-22 Feb, 2024 | 01:36
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architectureautocad_mechanicalcivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocad_civil_3dautocadautocad_advance_steel
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23123
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.37% / 58.09%
||
7 Day CHG-0.57%
Published-22 Feb, 2024 | 01:38
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architectureautocad_mechanicalcivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocad_civil_3dautocadautocad_advance_steel
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23138
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.33% / 54.88%
||
7 Day CHG-0.50%
Published-17 Mar, 2024 | 23:56
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack-based Overflow Vulnerability in the TrueViewTM Desktop Software

A maliciously crafted DWG file when parsed through Autodesk DWG TrueView can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_ltautocad_electricaladvance_steelautocad_map_3ddwg_trueviewautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MacAutoCAD MAP 3DAutoCAD ElectricalAutoCAD LT for MacAutoCAD MEPDWG TrueViewAutoCAD ArchitectureAutoCAD LTAutoCAD MechanicalCivil 3Dautocadautocad_architectureautocad_civil_3dautocad_electricalautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dautocad_advance_steel
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2022-42938
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.15% / 36.15%
||
7 Day CHG~0.00%
Published-21 Oct, 2022 | 00:00
Updated-07 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_civil_3dautocad_ltautocadautocad_mechanicalautocad_electricalautocad_plant_3ddesign_reviewautocad_advance_steelautocad_architectureautocad_mepautocad_map_3dAutodesk Design Review
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 7
  • 8
  • Next
Details not found