Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-27044

Summary
Assigner-autodesk
Assigner Org ID-7e40ea87-bc65-4944-9723-dd79dd760601
Published At-15 Sep, 2021 | 14:11
Updated At-03 Aug, 2024 | 20:40
Rejected At-
Credits

A Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted DLL files or information disclosure.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:autodesk
Assigner Org ID:7e40ea87-bc65-4944-9723-dd79dd760601
Published At:15 Sep, 2021 | 14:11
Updated At:03 Aug, 2024 | 20:40
Rejected At:
▼CVE Numbering Authority (CNA)

A Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted DLL files or information disclosure.

Affected Products
Vendor
n/a
Product
Autodesk FBX Review
Versions
Affected
  • 1.5.0
Problem Types
TypeCWE IDDescription
textN/AOut-Of-Bounds Read Vulnerability
Type: text
CWE ID: N/A
Description: Out-Of-Bounds Read Vulnerability
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001
x_refsource_MISC
Hyperlink: https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001
x_refsource_MISC
x_transferred
Hyperlink: https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@autodesk.com
Published At:15 Sep, 2021 | 15:15
Updated At:25 Apr, 2022 | 18:17

A Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted DLL files or information disclosure.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Autodesk Inc.
autodesk
>>fbx_review>>1.4.0
cpe:2.3:a:autodesk:fbx_review:1.4.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Primarynvd@nist.gov
CWE-787Primarynvd@nist.gov
CWE ID: CWE-125
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001psirt@autodesk.com
Patch
Vendor Advisory
Hyperlink: https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001
Source: psirt@autodesk.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

4586Records found
CVE-2023-27910
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.77%
||
7 Day CHG~0.00%
Published-17 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A user may be tricked into opening a malicious FBX file that may exploit a stack buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to code execution.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-fbx_software_development_kitAutodesk FBX SDK
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-7675
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.38%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 17:57
Updated-19 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
3DM File Parsing Out-of-Bounds Write Vulnerability

A maliciously crafted 3DM file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_electricalinventorinfraworksadvance_steelrevit_ltcivil_3drevitautocad_mepautocad_architectureautocad_mechanicalshared_componentsautocad_plant_3dvault3ds_maxautocad_map_3dShared Components
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23123
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.94% / 75.27%
||
7 Day CHG~0.00%
Published-22 Feb, 2024 | 01:38
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architectureautocad_mechanicalcivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocad_civil_3dautocadautocad_advance_steel
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23150
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.24% / 47.37%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 03:17
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products

A maliciously crafted PRT file, when parsed in odxug_dll.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3d
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23121
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-1.08% / 76.96%
||
7 Day CHG~0.00%
Published-22 Feb, 2024 | 01:18
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted MODEL file, when parsed in libodxdll.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architectureautocad_mechanicalcivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocadautocad_architectureautocad_civil_3dautocad_electricalautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dautocad_advance_steel
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23155
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.14% / 35.21%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 03:28
Updated-26 Aug, 2025 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products

A maliciously crafted MODEL file, when parsed in atf_asm_interface.dll through Autodesk applications, can be used to cause a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-civil_3dautocadautocad_mechanicaladvance_steelautocad_electricalautocad_plant_3dautocad_architectureautocad_mepautocad_map_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocad_civil_3dautocad_advance_steel
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23140
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.69% / 70.83%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 01:01
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted 3DM and MODEL file, when parsed in opennurbs.dll and atf_api.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3d
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-23146
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.66% / 70.26%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 02:28
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dcivil_3dadvance_steelautocad
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23122
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.94% / 75.27%
||
7 Day CHG~0.00%
Published-22 Feb, 2024 | 01:36
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architectureautocad_mechanicalcivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocad_civil_3dautocadautocad_advance_steel
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23152
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.33% / 55.29%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 03:25
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products

A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3D
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-23157
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.84% / 73.71%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 03:30
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products

A maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3d
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23148
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.60% / 68.38%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 02:42
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dcivil_3dadvance_steelautocad
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23124
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.92% / 74.96%
||
7 Day CHG~0.00%
Published-22 Feb, 2024 | 02:14
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted STP file, when parsed in ASMIMPORT228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architectureautocad_mechanicalcivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocad_civil_3dautocadautocad_advance_steel
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23145
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.60% / 68.38%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 02:27
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted PRT file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dcivil_3dadvance_steelautocad
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-7497
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.38%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 17:57
Updated-19 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PRT File Parsing Out-of-Bounds Write Vulnerability

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_electricalinventorinfraworksadvance_steelrevit_ltcivil_3drevitautocad_mepautocad_architectureautocad_mechanicalshared_componentsautocad_plant_3dvault3ds_maxautocad_map_3dShared Components
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23154
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.23% / 46.17%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 03:27
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products

A maliciously crafted SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocad_civil_3d
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23139
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.07% / 21.60%
||
7 Day CHG~0.00%
Published-17 Mar, 2024 | 23:58
Updated-26 Aug, 2025 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ActionScript Byte Code “ABC” Vulnerability in the Autodesk FBX Review software

A maliciously crafted ABC file, when parsed through Autodesk FBX, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-fbx_reviewFBX Reviewfbx_review
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23120
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.81% / 73.20%
||
7 Day CHG~0.00%
Published-21 Feb, 2024 | 23:36
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted STP and STEP file, when parsed in ASMIMPORT228A.dll and ASMIMPORT229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architectureautocad_mechanicalcivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocadautocad_architectureautocad_civil_3dautocad_electricalautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dautocad_advance_steel
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-6631
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.38%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 17:53
Updated-19 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PRT File Parsing Out-of-Bounds Write Vulnerability

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_electricalinventorinfraworksadvance_steelrevit_ltcivil_3drevitautocad_mepautocad_architectureautocad_mechanicalshared_componentsautocad_plant_3dvault3ds_maxautocad_map_3dShared Components
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23153
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.78% / 72.72%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 03:26
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products

A maliciously crafted MODEL file, when parsed in libodx.dll through Autodesk applications, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3d
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-23125
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.15% / 36.29%
||
7 Day CHG~0.00%
Published-22 Feb, 2024 | 02:23
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted SLDPRT file when parsed ODXSW_DLL.dll through Autodesk applications can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architectureautocad_mechanicalcivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocad_civil_3dautocadautocad_advance_steel
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23143
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.51% / 65.30%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 02:05
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted 3DM, MODEL and X_B file, when parsed in ASMkern229A.dll and ASMBASE229A.dll through Autodesk applications, can force an Out-of-Bound Read and/or Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architectureautocad_mechanicalcivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3d
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-6637
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.38%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 17:56
Updated-19 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PRT File Parsing Out-of-Bounds Write Vulnerability

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_electricalinventorinfraworksadvance_steelrevit_ltcivil_3drevitautocad_mepautocad_architectureautocad_mechanicalshared_componentsautocad_plant_3dvault3ds_maxautocad_map_3dShared Components
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23126
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.30% / 52.71%
||
7 Day CHG~0.00%
Published-22 Feb, 2024 | 02:25
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted CATPART file when parsed CC5Dll.dll through Autodesk applications can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architectureautocad_mechanicalcivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocad_civil_3dautocadautocad_advance_steel
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23147
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.66% / 70.26%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 02:32
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted CATPART, X_B and STEP, when parsed in ASMKERN228A.dll and ASMKERN229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dcivil_3dadvance_steelautocad
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23156
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.33% / 55.33%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 03:30
Updated-26 Aug, 2025 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products

A maliciously crafted 3DM file, when parsed in opennurbs.dll and ASMkern229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-civil_3dautocadautocad_mechanicaladvance_steelautocad_electricalautocad_plant_3dautocad_architectureautocad_mepautocad_map_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocad_plant_3d
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23127
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.69% / 70.91%
||
7 Day CHG~0.00%
Published-22 Feb, 2024 | 02:59
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted MODEL, SLDPRT, or SLDASM file, when parsed in ODXSW_DLL.dll and libodxdll.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architectureautocad_mechanicalcivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocad_civil_3dautocadautocad_advance_steel
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23151
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.24% / 46.33%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 03:24
Updated-26 Aug, 2025 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products

A maliciously crafted 3DM file, when parsed in ASMkern229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-civil_3dautocadautocad_mechanicaladvance_steelautocad_electricalautocad_plant_3dautocad_architectureautocad_mepautocad_map_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dcivil_3dadvance_steelautocad
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23149
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.27%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 02:43
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted SLDDRW file, when parsed in ODXSW_DLL.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3D
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-6633
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.42%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 20:43
Updated-19 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RBG File Parsing Out-of-Bounds Write Vulnerability

A maliciously crafted RBG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-3ds_max3ds Max
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-6632
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-5.3||MEDIUM
EPSS-0.01% / 1.42%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 20:42
Updated-19 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PSD File Parsing Out-of-Bounds Read Vulnerability

A maliciously crafted PSD file, when linked or imported into Autodesk 3ds Max, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-3ds_max3ds Max
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-6635
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.36%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 17:53
Updated-19 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PRT File Parsing Out-of-Bounds Read Vulnerability

A maliciously crafted PRT file, when linked or imported into certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_electricalinventorinfraworksadvance_steelrevit_ltcivil_3drevitautocad_mepautocad_architectureautocad_mechanicalshared_componentsautocad_plant_3dvault3ds_maxautocad_map_3dShared Components
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-12200
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.81%
||
7 Day CHG~0.00%
Published-17 Dec, 2024 | 15:26
Updated-26 Aug, 2025 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-navisworksNavisworks ManageNavisworks FreedomNavisworks Simulate
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-12198
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.81%
||
7 Day CHG~0.00%
Published-17 Dec, 2024 | 15:22
Updated-26 Aug, 2025 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-navisworksNavisworks ManageNavisworks FreedomNavisworks Simulate
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-12192
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.81%
||
7 Day CHG~0.00%
Published-17 Dec, 2024 | 15:17
Updated-26 Aug, 2025 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software

A maliciously crafted DWF file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-navisworksNavisworks ManageNavisworks FreedomNavisworks Simulate
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-12179
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.24%
||
7 Day CHG~0.00%
Published-17 Dec, 2024 | 15:19
Updated-26 Aug, 2025 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-navisworksNavisworks ManageNavisworks FreedomNavisworks Simulate
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-12197
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.81%
||
7 Day CHG~0.00%
Published-17 Dec, 2024 | 15:21
Updated-26 Aug, 2025 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-navisworksNavisworks ManageNavisworks FreedomNavisworks Simulate
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-12193
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.81%
||
7 Day CHG~0.00%
Published-17 Dec, 2024 | 15:18
Updated-26 Aug, 2025 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-navisworksNavisworks ManageNavisworks FreedomNavisworks Simulate
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-12191
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.81%
||
7 Day CHG~0.00%
Published-17 Dec, 2024 | 15:17
Updated-26 Aug, 2025 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-navisworksNavisworks ManageNavisworks FreedomNavisworks Simulate
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-12199
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.81%
||
7 Day CHG~0.00%
Published-17 Dec, 2024 | 15:24
Updated-26 Aug, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-navisworksNavisworks ManageNavisworks FreedomNavisworks Simulate
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-12178
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.24%
||
7 Day CHG~0.00%
Published-17 Dec, 2024 | 15:16
Updated-26 Aug, 2025 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-navisworksNavisworks ManageNavisworks FreedomNavisworks Simulate
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-12669
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.24%
||
7 Day CHG~0.00%
Published-17 Dec, 2024 | 15:27
Updated-26 Aug, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-navisworksNavisworks ManageNavisworks FreedomNavisworks Simulate
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-12670
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.24%
||
7 Day CHG~0.00%
Published-17 Dec, 2024 | 15:28
Updated-26 Aug, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-navisworksNavisworks ManageNavisworks FreedomNavisworks Simulate
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-12671
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.24%
||
7 Day CHG~0.00%
Published-17 Dec, 2024 | 15:28
Updated-26 Aug, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-navisworksNavisworks ManageNavisworks FreedomNavisworks Simulate
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-12194
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.81%
||
7 Day CHG~0.00%
Published-17 Dec, 2024 | 15:20
Updated-26 Aug, 2025 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-navisworksNavisworks ManageNavisworks FreedomNavisworks Simulate
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-5046
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.36%
||
7 Day CHG+0.01%
Published-15 Aug, 2025 | 14:37
Updated-20 Aug, 2025 | 21:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DGN File Parsing Out-of-Bounds Read Vulnerability

A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_electricalautocad_ltcivil_3dadvance_steelautocad_map_3dautocad_plant_3dautocad_mepautocad_mechanicalautocad_architectureautocadAutoCAD MechanicalAutoCAD ArchitectureAutoCAD Plant 3DCivil 3DAutoCAD ElectricalAutoCAD LTAutoCAD MEPAdvance SteelAutoCADAutoCAD MAP 3D
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-11608
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.27%
||
7 Day CHG+0.02%
Published-09 Dec, 2024 | 17:53
Updated-26 Aug, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-revitRevitrevit
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25009
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.87%
||
7 Day CHG~0.00%
Published-12 May, 2023 | 00:00
Updated-24 Jan, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds write vulnerability which could result in code execution.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-3ds_max_usdAutodesk 3ds Max USD Plugin
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-5042
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.10%
||
7 Day CHG~0.00%
Published-22 Jul, 2025 | 16:02
Updated-19 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RFA File Parsing Out-of-Bounds Read Vulnerability

A maliciously crafted RFA file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-revitRevit
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-0446
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.34% / 56.24%
||
7 Day CHG~0.00%
Published-21 Feb, 2024 | 23:16
Updated-26 Aug, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted STP, CATPART or MODEL file, when parsed in ASMKERN228A.dll and ASMdatax229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architectureautocad_mechanicalcivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocadautocad_architectureautocad_civil_3dautocad_electricalautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dautocad_advance_steel
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 91
  • 92
  • Next
Details not found