Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-40158

Summary
Assigner-autodesk
Assigner Org ID-7e40ea87-bc65-4944-9723-dd79dd760601
Published At-25 Jan, 2022 | 00:00
Updated At-04 Aug, 2024 | 02:27
Rejected At-
Credits

A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 and AutoCAD 2022 may be forced to read beyond allocated boundaries when parsing the JT file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:autodesk
Assigner Org ID:7e40ea87-bc65-4944-9723-dd79dd760601
Published At:25 Jan, 2022 | 00:00
Updated At:04 Aug, 2024 | 02:27
Rejected At:
▼CVE Numbering Authority (CNA)

A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 and AutoCAD 2022 may be forced to read beyond allocated boundaries when parsing the JT file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Affected Products
Vendor
n/a
Product
Inventor
Versions
Affected
  • 2022, 2021, 2020, 2019
Problem Types
TypeCWE IDDescription
textN/AOut-of-bounds Read
Type: text
CWE ID: N/A
Description: Out-of-bounds Read
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002
N/A
https://www.zerodayinitiative.com/advisories/ZDI-22-287/
N/A
https://www.zerodayinitiative.com/advisories/ZDI-22-283/
N/A
https://www.zerodayinitiative.com/advisories/ZDI-22-288/
N/A
https://www.zerodayinitiative.com/advisories/ZDI-22-286/
N/A
https://www.zerodayinitiative.com/advisories/ZDI-22-284/
N/A
https://www.zerodayinitiative.com/advisories/ZDI-22-285/
N/A
https://www.zerodayinitiative.com/advisories/ZDI-22-281/
N/A
https://www.zerodayinitiative.com/advisories/ZDI-22-449/
N/A
https://www.zerodayinitiative.com/advisories/ZDI-22-441/
N/A
https://www.zerodayinitiative.com/advisories/ZDI-22-453/
N/A
https://www.zerodayinitiative.com/advisories/ZDI-22-444/
N/A
https://www.zerodayinitiative.com/advisories/ZDI-22-447/
N/A
https://www.zerodayinitiative.com/advisories/ZDI-22-448/
N/A
https://www.zerodayinitiative.com/advisories/ZDI-22-452/
N/A
https://www.zerodayinitiative.com/advisories/ZDI-22-445/
N/A
https://www.zerodayinitiative.com/advisories/ZDI-22-466/
N/A
https://www.zerodayinitiative.com/advisories/ZDI-22-451/
N/A
https://www.zerodayinitiative.com/advisories/ZDI-22-454/
N/A
https://www.zerodayinitiative.com/advisories/ZDI-22-443/
N/A
https://www.zerodayinitiative.com/advisories/ZDI-22-450/
N/A
https://www.zerodayinitiative.com/advisories/ZDI-22-455/
N/A
Hyperlink: https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002
Resource: N/A
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-287/
Resource: N/A
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-283/
Resource: N/A
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-288/
Resource: N/A
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-286/
Resource: N/A
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-284/
Resource: N/A
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-285/
Resource: N/A
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-281/
Resource: N/A
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-449/
Resource: N/A
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-441/
Resource: N/A
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-453/
Resource: N/A
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-444/
Resource: N/A
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-447/
Resource: N/A
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-448/
Resource: N/A
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-452/
Resource: N/A
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-445/
Resource: N/A
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-466/
Resource: N/A
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-451/
Resource: N/A
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-454/
Resource: N/A
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-443/
Resource: N/A
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-450/
Resource: N/A
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-455/
Resource: N/A
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002
x_transferred
https://www.zerodayinitiative.com/advisories/ZDI-22-287/
x_transferred
https://www.zerodayinitiative.com/advisories/ZDI-22-283/
x_transferred
https://www.zerodayinitiative.com/advisories/ZDI-22-288/
x_transferred
https://www.zerodayinitiative.com/advisories/ZDI-22-286/
x_transferred
https://www.zerodayinitiative.com/advisories/ZDI-22-284/
x_transferred
https://www.zerodayinitiative.com/advisories/ZDI-22-285/
x_transferred
https://www.zerodayinitiative.com/advisories/ZDI-22-281/
x_transferred
https://www.zerodayinitiative.com/advisories/ZDI-22-449/
x_transferred
https://www.zerodayinitiative.com/advisories/ZDI-22-441/
x_transferred
https://www.zerodayinitiative.com/advisories/ZDI-22-453/
x_transferred
https://www.zerodayinitiative.com/advisories/ZDI-22-444/
x_transferred
https://www.zerodayinitiative.com/advisories/ZDI-22-447/
x_transferred
https://www.zerodayinitiative.com/advisories/ZDI-22-448/
x_transferred
https://www.zerodayinitiative.com/advisories/ZDI-22-452/
x_transferred
https://www.zerodayinitiative.com/advisories/ZDI-22-445/
x_transferred
https://www.zerodayinitiative.com/advisories/ZDI-22-466/
x_transferred
https://www.zerodayinitiative.com/advisories/ZDI-22-451/
x_transferred
https://www.zerodayinitiative.com/advisories/ZDI-22-454/
x_transferred
https://www.zerodayinitiative.com/advisories/ZDI-22-443/
x_transferred
https://www.zerodayinitiative.com/advisories/ZDI-22-450/
x_transferred
https://www.zerodayinitiative.com/advisories/ZDI-22-455/
x_transferred
Hyperlink: https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002
Resource:
x_transferred
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-287/
Resource:
x_transferred
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-283/
Resource:
x_transferred
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-288/
Resource:
x_transferred
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-286/
Resource:
x_transferred
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-284/
Resource:
x_transferred
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-285/
Resource:
x_transferred
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-281/
Resource:
x_transferred
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-449/
Resource:
x_transferred
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-441/
Resource:
x_transferred
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-453/
Resource:
x_transferred
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-444/
Resource:
x_transferred
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-447/
Resource:
x_transferred
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-448/
Resource:
x_transferred
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-452/
Resource:
x_transferred
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-445/
Resource:
x_transferred
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-466/
Resource:
x_transferred
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-451/
Resource:
x_transferred
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-454/
Resource:
x_transferred
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-443/
Resource:
x_transferred
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-450/
Resource:
x_transferred
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-455/
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@autodesk.com
Published At:25 Jan, 2022 | 20:15
Updated At:16 Nov, 2022 | 04:05

A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 and AutoCAD 2022 may be forced to read beyond allocated boundaries when parsing the JT file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Autodesk Inc.
autodesk
>>advance_steel>>Versions from 2022(inclusive) to 2022.1.2(exclusive)
cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad>>Versions from 2022(inclusive) to 2022.1.2(exclusive)
cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_architecture>>Versions from 2022(inclusive) to 2022.1.2(exclusive)
cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_electrical>>Versions from 2022(inclusive) to 2022.1.2(exclusive)
cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_lt>>Versions from 2022(inclusive) to 2022.1.2(exclusive)
cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_map_3d>>Versions from 2022(inclusive) to 2022.1.2(exclusive)
cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mechanical>>Versions from 2022(inclusive) to 2022.1.2(exclusive)
cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mep>>Versions from 2022(inclusive) to 2022.1.2(exclusive)
cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_plant_3d>>Versions from 2022(inclusive) to 2022.1.2(exclusive)
cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>civil_3d>>Versions from 2022(inclusive) to 2022.1.2(exclusive)
cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>inventor>>Versions from 2022(inclusive) to 2022.2(exclusive)
cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>inventor>>2019
cpe:2.3:a:autodesk:inventor:2019:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>inventor>>2020
cpe:2.3:a:autodesk:inventor:2020:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>inventor>>2021
cpe:2.3:a:autodesk:inventor:2021:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Primarynvd@nist.gov
CWE ID: CWE-125
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002psirt@autodesk.com
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-22-281/psirt@autodesk.com
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-22-283/psirt@autodesk.com
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-22-284/psirt@autodesk.com
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-22-285/psirt@autodesk.com
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-22-286/psirt@autodesk.com
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-22-287/psirt@autodesk.com
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-22-288/psirt@autodesk.com
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-22-441/psirt@autodesk.com
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-22-443/psirt@autodesk.com
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-22-444/psirt@autodesk.com
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-22-445/psirt@autodesk.com
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-22-447/psirt@autodesk.com
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-22-448/psirt@autodesk.com
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-22-449/psirt@autodesk.com
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-22-450/psirt@autodesk.com
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-22-451/psirt@autodesk.com
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-22-452/psirt@autodesk.com
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-22-453/psirt@autodesk.com
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-22-454/psirt@autodesk.com
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-22-455/psirt@autodesk.com
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-22-466/psirt@autodesk.com
Third Party Advisory
VDB Entry
Hyperlink: https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002
Source: psirt@autodesk.com
Resource:
Vendor Advisory
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-281/
Source: psirt@autodesk.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-283/
Source: psirt@autodesk.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-284/
Source: psirt@autodesk.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-285/
Source: psirt@autodesk.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-286/
Source: psirt@autodesk.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-287/
Source: psirt@autodesk.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-288/
Source: psirt@autodesk.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-441/
Source: psirt@autodesk.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-443/
Source: psirt@autodesk.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-444/
Source: psirt@autodesk.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-445/
Source: psirt@autodesk.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-447/
Source: psirt@autodesk.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-448/
Source: psirt@autodesk.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-449/
Source: psirt@autodesk.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-450/
Source: psirt@autodesk.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-451/
Source: psirt@autodesk.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-452/
Source: psirt@autodesk.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-453/
Source: psirt@autodesk.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-454/
Source: psirt@autodesk.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-455/
Source: psirt@autodesk.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-22-466/
Source: psirt@autodesk.com
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

1267Records found
CVE-2024-23143
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.20% / 42.30%
||
7 Day CHG-0.31%
Published-25 Jun, 2024 | 02:05
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted 3DM, MODEL and X_B file, when parsed in ASMkern229A.dll and ASMBASE229A.dll through Autodesk applications, can force an Out-of-Bound Read and/or Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architectureautocad_mechanicalcivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3d
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-23153
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.31% / 53.43%
||
7 Day CHG-0.47%
Published-25 Jun, 2024 | 03:26
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products

A maliciously crafted MODEL file, when parsed in libodx.dll through Autodesk applications, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3d
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-23149
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.31% / 53.41%
||
7 Day CHG-0.01%
Published-25 Jun, 2024 | 02:43
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted SLDDRW file, when parsed in ODXSW_DLL.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3D
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-23145
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.24% / 46.33%
||
7 Day CHG-0.36%
Published-25 Jun, 2024 | 02:27
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted PRT file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dcivil_3dadvance_steelautocad
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-23140
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.27% / 50.32%
||
7 Day CHG-0.42%
Published-25 Jun, 2024 | 01:01
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted 3DM and MODEL file, when parsed in opennurbs.dll and atf_api.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3d
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-23152
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.42% / 60.85%
||
7 Day CHG+0.09%
Published-25 Jun, 2024 | 03:25
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products

A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3D
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-6635
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.40%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 17:53
Updated-19 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PRT File Parsing Out-of-Bounds Read Vulnerability

A maliciously crafted PRT file, when linked or imported into certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_electricalinventorinfraworksadvance_steelrevit_ltcivil_3drevitautocad_mepautocad_architectureautocad_mechanicalshared_componentsautocad_plant_3dvault3ds_maxautocad_map_3dShared Components
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-6632
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-5.3||MEDIUM
EPSS-0.01% / 1.45%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 20:42
Updated-19 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PSD File Parsing Out-of-Bounds Read Vulnerability

A maliciously crafted PSD file, when linked or imported into Autodesk 3ds Max, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-3ds_max3ds Max
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-25003
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.66%
||
7 Day CHG~0.00%
Published-23 Jun, 2023 | 00:00
Updated-05 Dec, 2024 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Exploitation of this vulnerability may lead to code execution.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-aliasautocad_mechanicalnavisworksautocad_map_3dvredautocadautocad_civil_3dautocad_architectureautocad_mepautocad_advance_steelinventormaya_usdautocad_plant_3dautocad_electricalautocad_ltinfraworksrevit AutoCAD, Maya
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-5042
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.12%
||
7 Day CHG~0.00%
Published-22 Jul, 2025 | 16:02
Updated-27 Aug, 2025 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RFA File Parsing Out-of-Bounds Read Vulnerability

A maliciously crafted RFA file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-revitRevit
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-40162
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.07%
||
7 Day CHG~0.00%
Published-07 Oct, 2022 | 00:00
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-infrastructure_parts_editorautocad_mechanicaldesign_reviewnavisworksautocad_map_3dautocadautocad_civil_3dautocad_architectureautocad_mepautocad_advance_steelinventorstorm_and_sanitary_analysisautocad_plant_3dautocad_ltautocad_electricalinfraworksfusiondwg_trueviewrevitRevit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-41302
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.51%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-14 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Out-Of-Bounds Read Vulnerability in Autodesk FBX SDK version 2020. and prior may lead to code execution or information disclosure through maliciously crafted FBX files. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-fbx_software_development_kitFBX SDK
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-36999
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.33% / 55.34%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 03:33
Updated-27 Aug, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products

A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_map_3dautocad_architectureautocad_electricalautocadautocad_mepautocad_plant_3dautocad_mechanicalcivil_3dadvance_steelAutoCAD ArchitectureAutoCADAutoCAD MAP 3DAutoCAD MEPAdvance SteelCivil 3DAutoCAD Plant 3DAutoCAD ElectricalAutoCAD Mechanical
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-33881
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.13% / 33.81%
||
7 Day CHG~0.00%
Published-29 Jul, 2022 | 15:18
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Parsing a maliciously crafted PRT file can force Autodesk AutoCAD 2023 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_advance_steelautocad_mechanicalautocad_plant_3dautocad_map_3dautocadautocad_civil_3dautocad_electricalautocad_ltautocad_architectureautocad_mepAutodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-37005
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.83% / 73.52%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 03:13
Updated-27 Aug, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted X_B file, when parsed in pskernel.DLL through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_map_3dautocad_architectureautocad_electricalautocadautocad_mepautocad_plant_3dautocad_mechanicalcivil_3dadvance_steelAutoCAD ArchitectureAutoCADAutoCAD MAP 3DAutoCAD MEPAdvance SteelCivil 3DAutoCAD Plant 3DAutoCAD ElectricalAutoCAD Mechanical
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-27531
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.34% / 56.23%
||
7 Day CHG~0.00%
Published-16 Jun, 2022 | 15:46
Updated-03 Aug, 2024 | 05:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted TIF file can be forced to read beyond allocated boundaries in Autodesk 3ds Max 2022, and 2021 when parsing the TIF files. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-3ds_maxAutodesk 3ds Max
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-27869
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.37% / 57.90%
||
7 Day CHG~0.00%
Published-21 Jun, 2022 | 14:23
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted TIFF file in Autodesk AutoCAD 2023 can be forced to read and write beyond allocated boundaries when parsing the TIFF file. This vulnerability can be exploited to execute arbitrary code.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocadAutodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-27866
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.38%
||
7 Day CHG~0.00%
Published-29 Jul, 2022 | 19:01
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted TIFF file when consumed through DesignReview.exe application can be forced to read beyond allocated boundaries when parsing the TIFF file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-design_reviewAutodesk Design Review
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-25794
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.42% / 60.98%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 00:00
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.2 and prior may lead to code execution through maliciously crafted ActionScript Byte Code 'ABC' files or information disclosure. ABC files are created by the Flash compiler and contain executable code. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-fbx_reviewAutodesk FBX Review
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-1658
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.28%
||
7 Day CHG~0.00%
Published-01 Apr, 2025 | 12:27
Updated-19 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DWFX File Parsing Out-of-Bounds Read Vulnerability

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-navisworksNavisworks SimulateNavisworks ManageNavisworks Freedom
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-1652
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.04% / 8.88%
||
7 Day CHG+0.01%
Published-13 Mar, 2025 | 16:51
Updated-19 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MODEL File Parsing Out-of-Bounds Read Vulnerability

A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_architectureautocad_mechanicalautocadautocad_plant_3dautocad_electricaladvance_steelcivil_3dautocad_map_3dautocad_mepAutoCAD MechanicalAutoCAD ArchitectureAutoCAD Plant 3DCivil 3DAutoCAD ElectricalAutoCAD MEPAdvance SteelAutoCADAutoCAD MAP 3D
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-1659
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.28%
||
7 Day CHG~0.00%
Published-01 Apr, 2025 | 12:28
Updated-19 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DWFX File Parsing Out-of-Bounds Read Vulnerability

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-navisworksNavisworks SimulateNavisworks ManageNavisworks Freedom
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-1433
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.04% / 8.88%
||
7 Day CHG+0.01%
Published-13 Mar, 2025 | 16:51
Updated-19 Aug, 2025 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MODEL File Parsing Out-of-Bounds Read Vulnerability

A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_architectureautocad_mechanicalautocadautocad_plant_3dautocad_electricaladvance_steelcivil_3dautocad_map_3dautocad_mepAutoCAD MechanicalAutoCAD ArchitectureAutoCAD Plant 3DCivil 3DAutoCAD ElectricalAutoCAD MEPAdvance SteelAutoCADAutoCAD MAP 3D
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-40167
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.42% / 60.98%
||
7 Day CHG~0.00%
Published-25 Jan, 2022 | 19:11
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-design_reviewAutodesk® Design Review
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-40160
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.42% / 60.98%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 18:31
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_mechanicaldesign_reviewautocad_plant_3dnavisworksautocad_map_3dadvance_steelautocadautocad_electricalautocad_ltrevitautocad_architecturecivil_3dautocad_mepRevit, Navisworks, Autodesk® Advance Steel, AutoCAD®, AutoCAD® Architecture, AutoCAD® Electrical, AutoCAD® Map 3D, AutoCAD® Mechanical, AutoCAD® MEP, AutoCAD® Plant 3D, AutoCAD® LT, Autodesk® Civil 3D, AutoCAD® Mac, AutoCAD® LT for Mac
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-40155
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.42% / 60.98%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 16:35
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-navisworksAutodesk Navisworks
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-9827
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.83%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 21:14
Updated-25 Apr, 2025 | 20:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autodesk AutoCAD ACTranslators CATPART File Parsing Out-Of-Bounds Read Vulnerability

A maliciously crafted CATPART file when parsed in CC5Dll.dll through Autodesk AutoCAD can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Microsoft CorporationAutodesk Inc.
Product-autocad_mechanicalautocad_architectureautocad_plant_3dautocad_electricalautocad_mepwindowsautocad_civil_3dautocadautocad_advance_steelAutoCAD MEPAutoCAD ElectricalAutoCAD ArchitectureAdvance SteelAutoCADAutoCAD MAP 3DCivil 3DAutoCAD MechanicalAutoCAD Plant 3D
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-7670
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.83%
||
7 Day CHG~0.00%
Published-30 Sep, 2024 | 20:25
Updated-26 Aug, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software

A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-navisworksNavisworks ManageNavisworks FreedomNavisworks Simulatenavisworks_simulatenavisworks_managenavisworks_freedom
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-5046
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.40%
||
7 Day CHG+0.01%
Published-15 Aug, 2025 | 14:37
Updated-20 Aug, 2025 | 21:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DGN File Parsing Out-of-Bounds Read Vulnerability

A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_electricalautocad_ltcivil_3dadvance_steelautocad_map_3dautocad_plant_3dautocad_mepautocad_mechanicalautocad_architectureautocadAutoCAD MechanicalAutoCAD ArchitectureAutoCAD Plant 3DCivil 3DAutoCAD ElectricalAutoCAD LTAutoCAD MEPAdvance SteelAutoCADAutoCAD MAP 3D
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-27044
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.97% / 75.70%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 14:11
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted DLL files or information disclosure.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-fbx_reviewAutodesk FBX Review
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-27027
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.38%
||
7 Day CHG~0.00%
Published-19 Apr, 2021 | 15:08
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to code execution through maliciously crafted DLL files or information disclosure.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-fbx_reviewAutodesk FBX Review
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-27045
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.42% / 60.98%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 16:35
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted PDF file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the PDF file. This vulnerability can be exploited to execute arbitrary code.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-navisworksAutodesk Navisworks
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-1431
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.04% / 8.88%
||
7 Day CHG+0.01%
Published-13 Mar, 2025 | 16:48
Updated-19 Aug, 2025 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SLDPRT File Parsing Out-of-Bounds Read Vulnerability

A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_architectureautocad_mechanicalautocadautocad_plant_3dautocad_electricaladvance_steelcivil_3dautocad_map_3dautocad_mepAutoCAD MechanicalAutoCAD ArchitectureAutoCAD Plant 3DCivil 3DAutoCAD ElectricalAutoCAD MEPAdvance SteelAutoCADAutoCAD MAP 3D
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-8589
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.83%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 21:07
Updated-26 Aug, 2025 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autodesk AutoCAD SLDPRT File Parsing Out-Of-Bounds Read Vulnerability

A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Microsoft CorporationAutodesk Inc.
Product-autocad_mechanicalautocad_architectureautocad_plant_3dautocad_electricalautocad_mepwindowsautocad_civil_3dautocadautocad_advance_steelAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3D
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-27906
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.08% / 25.09%
||
7 Day CHG~0.00%
Published-17 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious actor may convince a victim to open a malicious USD file that may trigger an out-of-bounds read vulnerability which may result in code execution.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-maya_usdAutodesk Maya USD Plugin
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-27912
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.91%
||
7 Day CHG~0.00%
Published-14 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_architectureautocad_civil_3dautocad_plant_3dautocad_mechanicalautocad_advance_steelautocad_ltautocad_electricalautocad_map_3dautocadautocad_mepAutodesk AutoCAD
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-27915
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.07%
||
7 Day CHG~0.00%
Published-14 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_architectureautocad_civil_3dautocad_plant_3dautocad_mechanicalautocad_advance_steelautocad_ltautocad_electricalautocad_map_3dautocadautocad_mepAutodesk AutoCAD
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-25008
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.08% / 25.09%
||
7 Day CHG~0.00%
Published-12 May, 2023 | 00:00
Updated-24 Jan, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds read vulnerability which could result in code execution.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-3ds_max_usdAutodesk 3ds Max USD Plugin
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-8588
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.83%
||
7 Day CHG~0.00%
Published-29 Oct, 2024 | 21:06
Updated-26 Aug, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autodesk AutoCAD SLDPRT File Parsing Out-Of-Bounds Read Vulnerability

A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Microsoft CorporationAutodesk Inc.
Product-autocad_mechanicalautocad_architectureautocad_plant_3dautocad_electricalautocad_mepwindowsautocad_civil_3dautocadautocad_advance_steelAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3D
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-1428
Matching Score-10
Assigner-Autodesk
ShareView Details
Matching Score-10
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.04% / 8.88%
||
7 Day CHG+0.01%
Published-13 Mar, 2025 | 16:46
Updated-19 Aug, 2025 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CATPRODUCT File Parsing Out-of-Bounds Read Vulnerability

A maliciously crafted CATPART file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_architectureautocad_mechanicalautocadautocad_plant_3dautocad_electricaladvance_steelcivil_3dautocad_map_3dautocad_mepAutoCAD MechanicalAutoCAD ArchitectureAutoCAD Plant 3DCivil 3DAutoCAD ElectricalAutoCAD MEPAdvance SteelAutoCADAutoCAD MAP 3D
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-25002
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.14% / 35.20%
||
7 Day CHG~0.00%
Published-27 Jun, 2023 | 00:00
Updated-05 Dec, 2024 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-vred3ds_maxrevitnavisworksMultiple
CWE ID-CWE-416
Use After Free
CVE-2024-23159
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.57% / 67.65%
||
7 Day CHG-0.87%
Published-25 Jun, 2024 | 03:33
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products

A maliciously crafted STP file, when parsed in stp_aim_x64_vc15d.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3d
CWE ID-CWE-457
Use of Uninitialized Variable
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2021-27033
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.89% / 74.60%
||
7 Day CHG~0.00%
Published-09 Jul, 2021 | 14:12
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Double Free vulnerability allows remote attackers to execute arbitrary code on PDF files within affected installations of Autodesk Design Review 2018, 2017, 2013, 2012, 2011. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-design_reviewAutodesk Design Review
CWE ID-CWE-415
Double Free
CVE-2021-27037
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.48% / 64.26%
||
7 Day CHG~0.00%
Published-09 Jul, 2021 | 14:17
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted PNG, PDF or DWF file in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by remote malicious actors to execute arbitrary code.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-design_reviewAutodesk Design Review
CWE ID-CWE-416
Use After Free
CVE-2021-27028
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.73% / 71.72%
||
7 Day CHG~0.00%
Published-19 Apr, 2021 | 15:09
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Memory Corruption Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to remote code execution through maliciously crafted DLL files.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-fbx_reviewAutodesk FBX Review
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-7363
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.52% / 65.61%
||
7 Day CHG~0.00%
Published-23 Aug, 2019 | 19:35
Updated-04 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a use-after-free vulnerability, which may result in code execution.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-design_reviewAutodesk Design Review
CWE ID-CWE-416
Use After Free
CVE-2019-7358
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.85% / 74.00%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 19:22
Updated-04 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable heap overflow vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file may cause a heap overflow, resulting in code execution.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_p\&idautocad_mechanicalautocad_plant_3dautocad_map_3dautocad_ltadvance_steelautocadautocad_electricalautocad_architecturecivil_3dautocad_mepAutodesk AutoCAD Plant 3DAutodesk Civil 3DAutodesk AutoCAD ElectricalAutodesk AutoCAD MEPAutodesk Advance SteelAutodesk AutoCAD LTAutodesk AutoCAD MechanicalAutodesk AutoCAD P&IDAutodesk AutoCAD ArchitectureAutodesk AutoCADAutodesk AutoCAD Map 3D
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-7364
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.10%
||
7 Day CHG~0.00%
Published-23 Aug, 2019 | 19:36
Updated-04 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D and version 2017 of AutoCAD P&ID. An attacker may trick a user into opening a malicious DWG file that may leverage a DLL preloading vulnerability in AutoCAD which may result in code execution.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_p\&idautocad_mechanicalautocad_plant_3dautocad_map_3dautocad_ltadvance_steelautocadautocad_electricalautocad_architecturecivil_3dautocad_mepAutodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D, AutoCAD P&ID
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2019-7361
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.36% / 57.48%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 19:22
Updated-04 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker may convince a victim to open a malicious action micro (.actm) file that has serialized data, which may trigger a code execution in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_p\&idautocad_mechanicalautocad_plant_3dautocad_map_3dautocad_ltadvance_steelautocadautocad_electricalautocad_architecturecivil_3dautocad_mepAutodesk AutoCAD Plant 3DAutodesk Civil 3DAutodesk AutoCAD ElectricalAutodesk AutoCAD MEPAutodesk Advance SteelAutodesk AutoCAD MechanicalAutodesk AutoCAD LTAutodesk AutoCAD P&IDAutodesk AutoCAD ArchitectureAutodesk AutoCADAutodesk AutoCAD Map 3D
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2019-7359
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.75% / 72.17%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 19:22
Updated-04 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable heap overflow vulnerability in the AcCellMargin handling code in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file with too many cell margins populating an AcCellMargin object may cause a heap overflow, resulting in code execution.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_p\&idautocad_mechanicalautocad_plant_3dautocad_map_3dautocad_ltadvance_steelautocadautocad_electricalautocad_architecturecivil_3dautocad_mepAutodesk AutoCAD Plant 3DAutodesk Civil 3DAutodesk AutoCAD ElectricalAutodesk AutoCAD MEPAutodesk Advance SteelAutodesk AutoCAD MechanicalAutodesk AutoCAD LTAutodesk AutoCAD P&IDAutodesk AutoCAD ArchitectureAutodesk AutoCAD Map 3DAutodesk AutoCAD
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 25
  • 26
  • Next
Details not found