Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-40155

Summary
Assigner-autodesk
Assigner Org ID-7e40ea87-bc65-4944-9723-dd79dd760601
Published At-15 Sep, 2021 | 16:35
Updated At-04 Aug, 2024 | 02:27
Rejected At-
Credits

A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:autodesk
Assigner Org ID:7e40ea87-bc65-4944-9723-dd79dd760601
Published At:15 Sep, 2021 | 16:35
Updated At:04 Aug, 2024 | 02:27
Rejected At:
▼CVE Numbering Authority (CNA)

A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code.

Affected Products
Vendor
n/a
Product
Autodesk Navisworks
Versions
Affected
  • 2019, 2020, 2021, 2022
Problem Types
TypeCWE IDDescription
textN/AOut-of-bound Read
Type: text
CWE ID: N/A
Description: Out-of-bound Read
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0009
x_refsource_MISC
Hyperlink: https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0009
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0009
x_refsource_MISC
x_transferred
Hyperlink: https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0009
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@autodesk.com
Published At:15 Sep, 2021 | 17:15
Updated At:28 Sep, 2021 | 12:25

A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Autodesk Inc.
autodesk
>>navisworks>>2019
cpe:2.3:a:autodesk:navisworks:2019:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>navisworks>>2020
cpe:2.3:a:autodesk:navisworks:2020:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>navisworks>>2021
cpe:2.3:a:autodesk:navisworks:2021:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>navisworks>>2022
cpe:2.3:a:autodesk:navisworks:2022:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Primarynvd@nist.gov
CWE ID: CWE-125
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0009psirt@autodesk.com
Vendor Advisory
Hyperlink: https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0009
Source: psirt@autodesk.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1267Records found
CVE-2022-42939
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.14% / 35.32%
||
7 Day CHG~0.00%
Published-21 Oct, 2022 | 00:00
Updated-07 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_civil_3dautocad_ltautocadautocad_mechanicalautocad_electricalautocad_plant_3ddesign_reviewautocad_advance_steelautocad_architectureautocad_mepautocad_map_3dAutodesk Design Review
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-42941
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.14% / 35.32%
||
7 Day CHG~0.00%
Published-21 Oct, 2022 | 00:00
Updated-07 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_civil_3dautocad_ltautocadautocad_mechanicalautocad_electricalautocad_plant_3ddesign_reviewautocad_advance_steelautocad_architectureautocad_mepautocad_map_3dAutodesk Design Review
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-42940
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.14% / 35.32%
||
7 Day CHG~0.00%
Published-21 Oct, 2022 | 00:00
Updated-07 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_civil_3dautocad_ltautocadautocad_mechanicalautocad_electricalautocad_plant_3ddesign_reviewautocad_advance_steelautocad_architectureautocad_mepautocad_map_3dAutodesk Design Review
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-42947
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.09% / 26.61%
||
7 Day CHG~0.00%
Published-19 Dec, 2022 | 00:00
Updated-17 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted X_B file when parsed through Autodesk Maya 2023 and 2022 can be used to write beyond the allocated buffer. This vulnerability can lead to arbitrary code execution.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-mayaAutodesk Maya
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-42945
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.64% / 69.57%
||
7 Day CHG~0.00%
Published-19 Dec, 2022 | 00:00
Updated-17 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DWG TrueViewTM 2023 version has a DLL Search Order Hijacking vulnerability. Successful exploitation by a malicious attacker could result in remote code execution on the target system.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-dwg_trueviewDWG TrueView
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-42938
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.15% / 36.16%
||
7 Day CHG~0.00%
Published-21 Oct, 2022 | 00:00
Updated-07 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_civil_3dautocad_ltautocadautocad_mechanicalautocad_electricalautocad_plant_3ddesign_reviewautocad_advance_steelautocad_architectureautocad_mepautocad_map_3dAutodesk Design Review
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-42943
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.14% / 35.32%
||
7 Day CHG~0.00%
Published-21 Oct, 2022 | 00:00
Updated-07 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_civil_3dautocad_ltautocadautocad_mechanicalautocad_electricalautocad_plant_3ddesign_reviewautocad_advance_steelautocad_architectureautocad_mepautocad_map_3dAutodesk Design Review
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-42936
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.14% / 35.32%
||
7 Day CHG~0.00%
Published-21 Oct, 2022 | 00:00
Updated-07 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_civil_3dautocad_ltautocadautocad_mechanicalautocad_electricalautocad_plant_3ddesign_reviewautocad_advance_steelautocad_architectureautocad_mepautocad_map_3dAutodesk Design Review
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-42934
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.15% / 36.16%
||
7 Day CHG~0.00%
Published-21 Oct, 2022 | 00:00
Updated-07 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_civil_3dautocad_ltautocadautocad_mechanicalautocad_electricalautocad_plant_3ddesign_reviewautocad_advance_steelautocad_architectureautocad_mepautocad_map_3dAutodesk Design Review
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-42933
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.86%
||
7 Day CHG~0.00%
Published-21 Oct, 2022 | 00:00
Updated-07 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_civil_3dautocad_ltautocadautocad_mechanicalautocad_electricalautocad_plant_3ddesign_reviewautocad_advance_steelautocad_architectureautocad_mepautocad_map_3dAutodesk Design Review
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-42937
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.15% / 36.16%
||
7 Day CHG~0.00%
Published-21 Oct, 2022 | 00:00
Updated-07 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_civil_3dautocad_ltautocadautocad_mechanicalautocad_electricalautocad_plant_3ddesign_reviewautocad_advance_steelautocad_architectureautocad_mepautocad_map_3dAutodesk Design Review
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-42944
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.14% / 35.32%
||
7 Day CHG~0.00%
Published-21 Oct, 2022 | 00:00
Updated-07 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_civil_3dautocad_ltautocadautocad_mechanicalautocad_electricalautocad_plant_3ddesign_reviewautocad_advance_steelautocad_architectureautocad_mepautocad_map_3dAutodesk Design Review
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-42935
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.15% / 36.16%
||
7 Day CHG~0.00%
Published-21 Oct, 2022 | 00:00
Updated-07 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_civil_3dautocad_ltautocadautocad_mechanicalautocad_electricalautocad_plant_3ddesign_reviewautocad_advance_steelautocad_architectureautocad_mepautocad_map_3dAutodesk Design Review
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-41308
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.78%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-14 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-subassembly_composerSubassembly Composer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-41304
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.65%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-14 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Out-Of-Bounds Write Vulnerability in Autodesk FBX SDK 2020 version and prior may lead to code execution through maliciously crafted FBX files or information disclosure.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-fbx_software_development_kitFBX SDK
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-41307
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.29% / 51.92%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-14 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-subassembly_composerSubassembly Composer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-41305
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.92%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-14 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-subassembly_composerSubassembly Composer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-41303
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.92%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-14 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in Autodesk FBX SDK 2020 version causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-fbx_software_development_kitFBX SDK
CWE ID-CWE-416
Use After Free
CVE-2022-41309
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.14% / 35.32%
||
7 Day CHG~0.00%
Published-21 Oct, 2022 | 00:00
Updated-07 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_civil_3dautocad_ltautocadautocad_mechanicalautocad_electricalautocad_plant_3ddesign_reviewautocad_advance_steelautocad_architectureautocad_mepautocad_map_3dAutodesk Design Review
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-41301
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.07%
||
7 Day CHG~0.00%
Published-03 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 12:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-subassembly_composerSubassembly Composer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-8572
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-6.34% / 90.60%
||
7 Day CHG~0.00%
Published-15 Dec, 2015 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in Autodesk Design Review (ADR) before 2013 Hotfix 2 allow remote attackers to execute arbitrary code via crafted RLE data in a (1) BMP or (2) FLI file, (3) encoded scan lines in a PCX file, or (4) DataSubBlock or (5) GlobalColorTable in a GIF file.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-design_reviewn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-8571
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.24% / 83.90%
||
7 Day CHG~0.00%
Published-15 Dec, 2015 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in Autodesk Design Review (ADR) before 2013 Hotfix 2 allows remote attackers to execute arbitrary code via a crafted biClrUsed value in a BMP file, which triggers a buffer overflow.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-design_reviewn/a
CVE-2024-37000
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.11% / 30.44%
||
7 Day CHG-0.20%
Published-25 Jun, 2024 | 03:01
Updated-27 Aug, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted X_B file, when parsed in pskernel.DLL through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_map_3dautocad_architectureautocad_electricalautocadautocad_mepautocad_plant_3dautocad_mechanicalcivil_3dadvance_steelAutoCAD ArchitectureAutoCADAutoCAD MAP 3DAutoCAD MEPAdvance SteelCivil 3DAutoCAD Plant 3DAutoCAD ElectricalAutoCAD Mechanical
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-27038
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.31% / 53.28%
||
7 Day CHG~0.00%
Published-09 Jul, 2021 | 14:17
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Type Confusion vulnerability in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can occur when processing a maliciously crafted PDF file. A malicious actor can leverage this to execute arbitrary code.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-design_reviewAutodesk Design Review
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2021-27035
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.27% / 50.48%
||
7 Day CHG~0.00%
Published-09 Jul, 2021 | 14:16
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted TIFF, TIF, PICT, TGA, or DWF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA or DWF files. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-design_reviewAutodesk Design Review
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-1650
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.04% / 8.96%
||
7 Day CHG~0.00%
Published-13 Mar, 2025 | 16:51
Updated-19 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CATPRODUCT File Parsing Uninitialized Variable Vulnerability

A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_architectureautocad_mechanicalautocadautocad_plant_3dautocad_electricaladvance_steelcivil_3dautocad_map_3dautocad_mepAutoCAD MechanicalAutoCAD ArchitectureAutoCAD Plant 3DCivil 3DAutoCAD ElectricalAutoCAD MEPAdvance SteelAutoCADAutoCAD MAP 3D
CWE ID-CWE-457
Use of Uninitialized Variable
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2025-1432
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.04% / 8.96%
||
7 Day CHG~0.00%
Published-13 Mar, 2025 | 16:49
Updated-28 Aug, 2025 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
3DM File Parsing Use-After-Free Vulnerability

A maliciously crafted 3DM file, when parsed through Autodesk AutoCAD, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_architectureautocad_mechanicalautocadautocad_plant_3dautocad_electricaladvance_steelcivil_3dautocad_map_3dautocad_mepAutoCADAutoCAD MechanicalAdvance SteelAutoCAD ArchitectureCivil 3DAutoCAD Plant 3DAutoCAD MEPAutoCAD MAP 3DAutoCAD Electrical
CWE ID-CWE-416
Use After Free
CVE-2021-27039
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.26% / 49.31%
||
7 Day CHG~0.00%
Published-09 Jul, 2021 | 14:18
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted TIFF and PCX file can be forced to read and write beyond allocated boundaries when parsing the TIFF and PCX file for based overflow. This vulnerability can be exploited to execute arbitrary code.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocaddesign_reviewAutodesk Design Review
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-1656
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.42%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 20:56
Updated-19 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PDF File Parsing Heap-based Overflow Vulnerability

A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-revitRevit
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-1660
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.08%
||
7 Day CHG-0.02%
Published-01 Apr, 2025 | 12:29
Updated-19 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DWFX File Parsing Memory Corruption Vulnerability

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-navisworksNavisworks SimulateNavisworks ManageNavisworks Freedom
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-27034
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.67% / 70.33%
||
7 Day CHG~0.00%
Published-09 Jul, 2021 | 14:16
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow could occur while parsing PICT, PCX, RCL or TIFF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011. This vulnerability can be exploited to execute arbitrary code.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-design_reviewAutodesk Design Review
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-1427
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.04% / 8.96%
||
7 Day CHG~0.00%
Published-13 Mar, 2025 | 16:46
Updated-19 Aug, 2025 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CATPRODUCT File Parsing Uninitialized Variable Vulnerability

A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_architectureautocad_mechanicalautocadautocad_plant_3dautocad_electricaladvance_steelcivil_3dautocad_map_3dautocad_mepAutoCAD MechanicalAutoCAD ArchitectureAutoCAD Plant 3DCivil 3DAutoCAD ElectricalAutoCAD MEPAdvance SteelAutoCADAutoCAD MAP 3D
CWE ID-CWE-457
Use of Uninitialized Variable
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2025-1273
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.42%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 20:56
Updated-19 Aug, 2025 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PDF File Parsing Heap-Based Overflow Vulnerability

A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-revitRevit
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-1429
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.04% / 8.96%
||
7 Day CHG~0.00%
Published-13 Mar, 2025 | 16:47
Updated-19 Aug, 2025 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MODEL File Parsing Heap-Based Buffer Overflow Vulnerability

A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_architectureautocad_mechanicalautocadautocad_plant_3dautocad_electricaladvance_steelcivil_3dautocad_map_3dautocad_mepAutoCAD MechanicalAutoCAD ArchitectureAutoCAD Plant 3DCivil 3DAutoCAD ElectricalAutoCAD MEPAdvance SteelAutoCADAutoCAD MAP 3D
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-1277
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.42%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 20:57
Updated-19 Aug, 2025 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PDF File Parsing Memory Corruption Vulnerability

A maliciously crafted PDF file, when parsed through Autodesk applications, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-revitRevit
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-27033
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.89% / 74.62%
||
7 Day CHG~0.00%
Published-09 Jul, 2021 | 14:12
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Double Free vulnerability allows remote attackers to execute arbitrary code on PDF files within affected installations of Autodesk Design Review 2018, 2017, 2013, 2012, 2011. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-design_reviewAutodesk Design Review
CWE ID-CWE-415
Double Free
CVE-2025-1649
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.04% / 8.96%
||
7 Day CHG~0.00%
Published-13 Mar, 2025 | 16:51
Updated-19 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CATPRODUCT File Parsing Uninitialized Variable Vulnerability

A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_architectureautocad_mechanicalautocadautocad_plant_3dautocad_electricaladvance_steelcivil_3dautocad_map_3dautocad_mepAutoCAD MechanicalAutoCAD ArchitectureAutoCAD Plant 3DCivil 3DAutoCAD ElectricalAutoCAD MEPAdvance SteelAutoCADAutoCAD MAP 3D
CWE ID-CWE-457
Use of Uninitialized Variable
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2025-1276
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.24%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 20:55
Updated-19 Aug, 2025 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DWG File Parsing Out-of-Bounds Write Vulnerability

A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-dwg_trueviewautocadautocad_electricalinventoradvance_steelcivil_3drevitautocad_mepautocad_ltautocad_architectureinfrastructure_parts_editorautocad_mechanicalautocad_plant_3dvaultnavisworks_managenavisworks_simulateautocad_map_3dAutoCAD MechanicalAutoCAD ArchitectureDWG TrueViewAutoCAD Plant 3DCivil 3DAutoCAD ElectricalAutoCAD MEPAdvance SteelAutoCAD LTAutoCADAutoCAD MAP 3DRealDWG
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-1430
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.04% / 8.96%
||
7 Day CHG~0.00%
Published-13 Mar, 2025 | 16:48
Updated-19 Aug, 2025 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SLDPRT File Parsing Memory Corruption Vulnerability

A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCAD, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_architectureautocad_mechanicalautocadautocad_plant_3dautocad_electricaladvance_steelcivil_3dautocad_map_3dautocad_mepAutoCAD MechanicalAutoCAD ArchitectureAutoCAD Plant 3DCivil 3DAutoCAD ElectricalAutoCAD MEPAdvance SteelAutoCADAutoCAD MAP 3D
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-1651
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.04% / 8.96%
||
7 Day CHG~0.00%
Published-13 Mar, 2025 | 16:51
Updated-19 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MODEL File Parsing Heap-Based Buffer Overflow Vulnerability

A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_architectureautocad_mechanicalautocadautocad_plant_3dautocad_electricaladvance_steelcivil_3dautocad_map_3dautocad_mepAutoCAD MechanicalAutoCAD ArchitectureAutoCAD Plant 3DCivil 3DAutoCAD ElectricalAutoCAD MEPAdvance SteelAutoCADAutoCAD MAP 3D
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-1275
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.04% / 8.76%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 20:54
Updated-19 Aug, 2025 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
JPG File Parsing Heap-Based Overflow Vulnerability

A maliciously crafted JPG file, when linked or imported into certain Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_ltdwg_trueviewautocad_architectureautocad_mechanicalautocadautocad_plant_3dautocad_electricaladvance_steelcivil_3drevitautocad_map_3dautocad_mepAutoCAD MechanicalRevitAutoCAD ArchitectureDWG TrueViewAutoCAD Plant 3DCivil 3DAutoCAD ElectricalAutoCAD MEPAdvance SteelAutoCAD LTAutoCADAutoCAD MAP 3D
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-1274
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.34%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 20:58
Updated-19 Aug, 2025 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RCS File Parsing Out-of-Bounds Write Vulnerability

A maliciously crafted RCS file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-revitRevit
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-9996
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.08% / 25.06%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 21:45
Updated-26 Aug, 2025 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autodesk AutoCAD DWG File Parsing Out-Of-Bounds Write Code Execution Vulnerability

A maliciously crafted DWG file, when parsed in acdb25.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_ltautocadautocad_advance_steelautocad_plant_3ddwg_trueviewautocad_civil_3dautocad_mechanicalautocad_mepautocad_electricalautocad_architectureAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPDWG TrueViewAutoCAD ArchitectureAutoCAD LTAutoCAD MechanicalCivil 3DRealDWG
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-9997
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.08% / 25.06%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 21:45
Updated-26 Aug, 2025 | 18:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autodesk AutoCAD DWG File Parsing Memory Corruption Code Execution Vulnerability

A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_ltautocad_mepdwg_trueviewautocad_mechanicalautocad_civil_3dautocad_electricalautocadautocad_advance_steelautocad_architectureautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPDWG TrueViewAutoCAD ArchitectureAutoCAD LTAutoCAD MechanicalCivil 3DRealDWG
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-9826
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.33%
||
7 Day CHG+0.01%
Published-29 Oct, 2024 | 21:14
Updated-26 Aug, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autodesk AutoCAD ACTranslators 3DM File Parsing Use-After-Free Code Execution Vulnerability

A maliciously crafted 3DM file when parsed in atf_api.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Microsoft CorporationAutodesk Inc.
Product-autocad_mechanicalautocad_architectureautocad_plant_3dautocad_electricalautocad_mepwindowsautocad_civil_3dautocadautocad_advance_steelAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3D
CWE ID-CWE-416
Use After Free
CVE-2024-9489
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.08% / 25.06%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 21:44
Updated-26 Aug, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autodesk AutoCAD DWG File Parsing Memory Corruption Code Execution Vulnerability

A maliciously crafted DWG file when parsed in ACAD.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_advance_steelautocad_mechanicalautocad_plant_3dautocadautocad_civil_3dautocad_electricalautocad_ltdwg_trueviewautocad_architectureautocad_mepAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPDWG TrueViewAutoCAD ArchitectureAutoCAD LTAutoCAD MechanicalCivil 3DRealDWG
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-9500
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.60%
||
7 Day CHG~0.00%
Published-15 Nov, 2024 | 21:24
Updated-26 Aug, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autodesk ADP Desktop SDK Privilege Escalation Vulnerability

A maliciously crafted DLL file when placed in temporary files and folders that are leveraged by the Autodesk Installer could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to insecure privilege management.

Action-Not Available
Vendor-Autodesk Inc.
Product-installerInstallerinstaller
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-8598
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.85%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 21:12
Updated-26 Aug, 2025 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autodesk AutoCAD ACTranslators STEP File Parsing Memory Corruption Code Execution Vulnerability

A maliciously crafted STP file when parsed in ACTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Microsoft CorporationAutodesk Inc.
Product-autocad_mechanicalautocad_architectureautocad_plant_3dautocad_electricalautocad_mepwindowsautocad_civil_3dautocadautocad_advance_steelAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3D
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-8591
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.59%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 21:08
Updated-26 Aug, 2025 | 18:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autodesk AutoCAD 3DM File Parsing Heap-based Buffer Overflow Code Execution Vulnerability

A maliciously crafted 3DM file when parsed in AcTranslators.exe through Autodesk AutoCAD can force a Heap-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Microsoft CorporationAutodesk Inc.
Product-autocad_mechanicalautocad_architectureautocad_plant_3dautocad_electricalautocad_mepwindowsautocad_civil_3dautocadautocad_advance_steelAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3D
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-8600
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.85%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 21:14
Updated-26 Aug, 2025 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Microsoft CorporationAutodesk Inc.
Product-autocad_mechanicalautocad_architectureautocad_plant_3dautocad_electricalautocad_mepwindowsautocad_civil_3dautocadautocad_advance_steelAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3D
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 25
  • 26
  • Next
Details not found