Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-27871

Summary
Assigner-autodesk
Assigner Org ID-7e40ea87-bc65-4944-9723-dd79dd760601
Published At-21 Jun, 2022 | 14:23
Updated At-03 Aug, 2024 | 05:41
Rejected At-
Credits

Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. This vulnerability may be exploited to execute arbitrary code.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:autodesk
Assigner Org ID:7e40ea87-bc65-4944-9723-dd79dd760601
Published At:21 Jun, 2022 | 14:23
Updated At:03 Aug, 2024 | 05:41
Rejected At:
▼CVE Numbering Authority (CNA)

Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. This vulnerability may be exploited to execute arbitrary code.

Affected Products
Vendor
n/a
Product
Autodesk AutoCAD product suite, Revit, Design Review and Navisworks
Versions
Affected
  • 2022, 2021, 2020,2019
Problem Types
TypeCWE IDDescription
textN/AHeap-based Buffer Overflow vul
Type: text
CWE ID: N/A
Description: Heap-based Buffer Overflow vul
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0011
x_refsource_MISC
Hyperlink: https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0011
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0011
x_refsource_MISC
x_transferred
Hyperlink: https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0011
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@autodesk.com
Published At:21 Jun, 2022 | 15:15
Updated At:29 Jun, 2022 | 17:18

Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. This vulnerability may be exploited to execute arbitrary code.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Autodesk Inc.
autodesk
>>3ds_max>>2021
cpe:2.3:a:autodesk:3ds_max:2021:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>3ds_max>>2022
cpe:2.3:a:autodesk:3ds_max:2022:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>advance_steel>>2019
cpe:2.3:a:autodesk:advance_steel:2019:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>advance_steel>>2020
cpe:2.3:a:autodesk:advance_steel:2020:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>advance_steel>>2021
cpe:2.3:a:autodesk:advance_steel:2021:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>advance_steel>>2022
cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad>>2019
cpe:2.3:a:autodesk:autocad:2019:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad>>2020
cpe:2.3:a:autodesk:autocad:2020:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad>>2021
cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad>>2022
cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad>>2022
cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:macos:*:*
Autodesk Inc.
autodesk
>>autocad_architecture>>2019
cpe:2.3:a:autodesk:autocad_architecture:2019:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_architecture>>2020
cpe:2.3:a:autodesk:autocad_architecture:2020:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_architecture>>2021
cpe:2.3:a:autodesk:autocad_architecture:2021:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_architecture>>2022
cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_civil_3d>>2019
cpe:2.3:a:autodesk:autocad_civil_3d:2019:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_civil_3d>>2020
cpe:2.3:a:autodesk:autocad_civil_3d:2020:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_civil_3d>>2021
cpe:2.3:a:autodesk:autocad_civil_3d:2021:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_civil_3d>>2022
cpe:2.3:a:autodesk:autocad_civil_3d:2022:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_electrical>>2019
cpe:2.3:a:autodesk:autocad_electrical:2019:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_electrical>>2020
cpe:2.3:a:autodesk:autocad_electrical:2020:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_electrical>>2021
cpe:2.3:a:autodesk:autocad_electrical:2021:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_electrical>>2022
cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_lt>>2019
cpe:2.3:a:autodesk:autocad_lt:2019:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_lt>>2020
cpe:2.3:a:autodesk:autocad_lt:2020:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_lt>>2021
cpe:2.3:a:autodesk:autocad_lt:2021:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_lt>>2022
cpe:2.3:a:autodesk:autocad_lt:2022:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_lt>>2022
cpe:2.3:a:autodesk:autocad_lt:2022:*:*:*:*:macos:*:*
Autodesk Inc.
autodesk
>>autocad_map_3d>>2019
cpe:2.3:a:autodesk:autocad_map_3d:2019:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_map_3d>>2020
cpe:2.3:a:autodesk:autocad_map_3d:2020:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_map_3d>>2021
cpe:2.3:a:autodesk:autocad_map_3d:2021:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_map_3d>>2022
cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mechanical>>2019
cpe:2.3:a:autodesk:autocad_mechanical:2019:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mechanical>>2020
cpe:2.3:a:autodesk:autocad_mechanical:2020:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mechanical>>2021
cpe:2.3:a:autodesk:autocad_mechanical:2021:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mechanical>>2022
cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mep>>2019
cpe:2.3:a:autodesk:autocad_mep:2019:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mep>>2020
cpe:2.3:a:autodesk:autocad_mep:2020:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mep>>2021
cpe:2.3:a:autodesk:autocad_mep:2021:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mep>>2022
cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_plant_3d>>2019
cpe:2.3:a:autodesk:autocad_plant_3d:2019:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_plant_3d>>2020
cpe:2.3:a:autodesk:autocad_plant_3d:2020:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_plant_3d>>2021
cpe:2.3:a:autodesk:autocad_plant_3d:2021:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_plant_3d>>2022
cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>design_review>>2018
cpe:2.3:a:autodesk:design_review:2018:-:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>navisworks>>2019
cpe:2.3:a:autodesk:navisworks:2019:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>navisworks>>2020
cpe:2.3:a:autodesk:navisworks:2020:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>navisworks>>2022
cpe:2.3:a:autodesk:navisworks:2022:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>revit>>2020
cpe:2.3:a:autodesk:revit:2020:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>revit>>2021
cpe:2.3:a:autodesk:revit:2021:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-770Primarynvd@nist.gov
CWE ID: CWE-770
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0011psirt@autodesk.com
Vendor Advisory
Hyperlink: https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0011
Source: psirt@autodesk.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

317Records found
CVE-2021-40160
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.42% / 61.30%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 18:31
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_mechanicaldesign_reviewautocad_plant_3dnavisworksautocad_map_3dadvance_steelautocadautocad_electricalautocad_ltrevitautocad_architecturecivil_3dautocad_mepRevit, Navisworks, Autodesk® Advance Steel, AutoCAD®, AutoCAD® Architecture, AutoCAD® Electrical, AutoCAD® Map 3D, AutoCAD® Mechanical, AutoCAD® MEP, AutoCAD® Plant 3D, AutoCAD® LT, Autodesk® Civil 3D, AutoCAD® Mac, AutoCAD® LT for Mac
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-40166
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.12% / 30.55%
||
7 Day CHG~0.00%
Published-07 Oct, 2022 | 00:00
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-infrastructure_parts_editorautocad_mechanicaldesign_reviewnavisworksautocad_map_3dautocadautocad_civil_3dautocad_architectureautocad_mepautocad_advance_steelinventorstorm_and_sanitary_analysisautocad_plant_3dautocad_ltautocad_electricalinfraworksfusiondwg_trueviewrevitRevit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D
CWE ID-CWE-416
Use After Free
CVE-2021-40163
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.12% / 30.55%
||
7 Day CHG~0.00%
Published-07 Oct, 2022 | 00:00
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-infrastructure_parts_editorautocad_mechanicaldesign_reviewnavisworksautocad_map_3dautocadautocad_civil_3dautocad_architectureautocad_mepautocad_advance_steelinventorstorm_and_sanitary_analysisautocad_plant_3dautocad_ltautocad_electricalinfraworksfusiondwg_trueviewrevitRevit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-40167
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.42% / 61.30%
||
7 Day CHG~0.00%
Published-25 Jan, 2022 | 19:11
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-design_reviewAutodesk® Design Review
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-40161
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.68%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 18:31
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_mechanicaldesign_reviewautocad_plant_3dnavisworksautocad_map_3dadvance_steelautocadautocad_electricalautocad_ltrevitautocad_architecturecivil_3dautocad_mepRevit, Navisworks, Autodesk® Advance Steel, AutoCAD®, AutoCAD® Architecture, AutoCAD® Electrical, AutoCAD® Map 3D, AutoCAD® Mechanical, AutoCAD® MEP, AutoCAD® Plant 3D, AutoCAD® LT, Autodesk® Civil 3D, AutoCAD® Mac, AutoCAD® LT for Mac
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-40159
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.34% / 56.42%
||
7 Day CHG~0.00%
Published-25 Jan, 2022 | 00:00
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022, 2021, 2020, 2019 in conjunction with other vulnerabilities may lead to code execution through maliciously crafted JT files in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-inventorautocad_mechanicalautocad_plant_3dautocad_map_3dautocad_ltadvance_steelautocadautocad_electricalautocad_architecturecivil_3dautocad_mepInventor
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-40164
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.12% / 31.16%
||
7 Day CHG~0.00%
Published-07 Oct, 2022 | 00:00
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-infrastructure_parts_editorautocad_mechanicaldesign_reviewnavisworksautocad_map_3dautocadautocad_civil_3dautocad_architectureautocad_mepautocad_advance_steelinventorstorm_and_sanitary_analysisautocad_plant_3dautocad_ltautocad_electricalinfraworksfusiondwg_trueviewrevitRevit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-40158
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.44% / 62.88%
||
7 Day CHG~0.00%
Published-25 Jan, 2022 | 00:00
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 and AutoCAD 2022 may be forced to read beyond allocated boundaries when parsing the JT file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-inventorautocad_mechanicalautocad_plant_3dautocad_map_3dautocad_ltadvance_steelautocadautocad_electricalautocad_architecturecivil_3dautocad_mepInventor
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-40165
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.12% / 30.55%
||
7 Day CHG~0.00%
Published-07 Oct, 2022 | 00:00
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-infrastructure_parts_editorautocad_mechanicaldesign_reviewnavisworksautocad_map_3dautocadautocad_civil_3dautocad_architectureautocad_mepautocad_advance_steelinventorstorm_and_sanitary_analysisautocad_plant_3dautocad_ltautocad_electricalinfraworksfusiondwg_trueviewrevitRevit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-40156
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.42% / 61.30%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 16:35
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to write beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-navisworksAutodesk Navisworks
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-40157
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.14% / 34.17%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 14:11
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A user may be tricked into opening a malicious FBX file which may exploit an Untrusted Pointer Dereference vulnerability in FBX’s Review version 1.5.0 and prior causing it to run arbitrary code on the system.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-fbx_reviewAutodesk FBX Review
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-9453
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.36%
||
7 Day CHG~0.00%
Published-15 Dec, 2025 | 23:33
Updated-19 Dec, 2025 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PRT File Parsing Out-of-Bounds Read Vulnerability

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_plant_3drevit_ltinventorvaultautocad_mepautocad_mechanicalcivil_3dautocadshared_componentsautocad_map_3d3ds_maxrevitautocad_electricaladvance_steelautocad_architectureinfraworksShared Components
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-40155
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.42% / 61.30%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 16:35
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-navisworksAutodesk Navisworks
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-9455
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.36%
||
7 Day CHG~0.00%
Published-15 Dec, 2025 | 23:35
Updated-19 Dec, 2025 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CATPRODUCT File Parsing Out-of-Bounds Read Vulnerability

A maliciously crafted CATPRODUCT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_plant_3drevit_ltinventorvaultautocad_mepautocad_mechanicalcivil_3dautocadshared_componentsautocad_map_3d3ds_maxrevitautocad_electricaladvance_steelautocad_architectureinfraworksShared Components
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-0662
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.02% / 5.29%
||
7 Day CHG+0.01%
Published-04 Feb, 2026 | 16:28
Updated-06 Feb, 2026 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Untrusted Search Path Vulnerability when opening max Files

A maliciously crafted project directory, when opening a max file in Autodesk 3ds Max, could lead to execution of arbitrary code in the context of the current process due to an Untrusted Search Path being utilized.

Action-Not Available
Vendor-Autodesk Inc.
Product-3ds_max3ds Max
CWE ID-CWE-426
Untrusted Search Path
CVE-2025-9458
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.77%
||
7 Day CHG~0.00%
Published-07 Nov, 2025 | 18:01
Updated-22 Jan, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PRT File Parsing Memory Corruption Vulnerability

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-shared_componentsautocad_electricaladvance_steelautocad_map_3drevit_ltautocad_mep3ds_maxautocad_plant_3dinventorautocad_mechanicalautocadcivil_3drevitinfraworksvaultautocad_architectureShared Components
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-9454
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.36%
||
7 Day CHG~0.00%
Published-15 Dec, 2025 | 23:34
Updated-19 Dec, 2025 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PRT File Parsing Out-of-Bounds Read Vulnerability

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_plant_3drevit_ltinventorvaultautocad_mepautocad_mechanicalcivil_3dautocadshared_componentsautocad_map_3d3ds_maxrevitautocad_electricaladvance_steelautocad_architectureinfraworksShared Components
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-0661
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.02% / 5.60%
||
7 Day CHG+0.01%
Published-04 Feb, 2026 | 16:27
Updated-06 Feb, 2026 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-Bounds Write in RGB File Parsing

A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-3ds_max3ds Max
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-0538
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.76%
||
7 Day CHG+0.01%
Published-04 Feb, 2026 | 16:24
Updated-06 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GIF File Parsing Out-of-Bounds Write

A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-3ds_max3ds Max
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-9459
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.36%
||
7 Day CHG~0.00%
Published-15 Dec, 2025 | 23:38
Updated-19 Dec, 2025 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SLDPRT File Parsing Out-of-Bounds Read Vulnerability

A maliciously crafted SLDPRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_plant_3drevit_ltinventorvaultautocad_mepautocad_mechanicalcivil_3dautocadshared_componentsautocad_map_3d3ds_maxrevitautocad_electricaladvance_steelautocad_architectureinfraworksShared Components
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-9457
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.36%
||
7 Day CHG~0.00%
Published-15 Dec, 2025 | 23:37
Updated-22 Jan, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PRT File Parsing Memory Corruption Vulnerability

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-shared_componentsautocad_electricaladvance_steelautocad_map_3drevit_ltautocad_mep3ds_maxautocad_plant_3dinventorautocad_mechanicalautocadcivil_3drevitinfraworksvaultautocad_architectureShared Components
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-0536
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.00% / 0.17%
||
7 Day CHG-0.00%
Published-04 Feb, 2026 | 18:12
Updated-05 Feb, 2026 | 22:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GIF File Parsing Stack Based Buffer Overflow

A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-3ds_max3ds Max
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-0537
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.02% / 5.60%
||
7 Day CHG+0.01%
Published-04 Feb, 2026 | 16:26
Updated-06 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RGB File Parsing Memory Corruption

A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-3ds_max3ds Max
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-9460
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.36%
||
7 Day CHG~0.00%
Published-15 Dec, 2025 | 23:38
Updated-19 Dec, 2025 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SLDPRT File Parsing Out-of-Bounds Read Vulnerability

A maliciously crafted SLDPRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_plant_3drevit_ltinventorvaultautocad_mepautocad_mechanicalcivil_3dautocadshared_componentsautocad_map_3d3ds_maxrevitautocad_electricaladvance_steelautocad_architectureinfraworksShared Components
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-0660
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.30%
||
7 Day CHG~0.00%
Published-04 Feb, 2026 | 16:27
Updated-06 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack Based Buffer Overflow in GIF File Parsing

A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-3ds_max3ds Max
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-9452
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.36%
||
7 Day CHG~0.00%
Published-15 Dec, 2025 | 23:32
Updated-22 Jan, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SLDPRT File Parsing Memory Corruption Vulnerability

A maliciously crafted SLDPRT file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-shared_componentsautocad_electricaladvance_steelautocad_map_3drevit_ltautocad_mep3ds_maxautocad_plant_3dinventorautocad_mechanicalautocadcivil_3drevitinfraworksvaultautocad_architectureShared Components
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-8354
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.17%
||
7 Day CHG~0.00%
Published-23 Sep, 2025 | 13:20
Updated-02 Dec, 2025 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RFA File Parsing Type Confusion Vulnerability

A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Type Confusion vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-revitRevitRevit LT
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2025-8893
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.02% / 5.23%
||
7 Day CHG-0.02%
Published-16 Sep, 2025 | 14:17
Updated-06 Oct, 2025 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PDF File Parsing Out-of-Bounds Write Vulnerability

A maliciously crafted PDF file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_map_3dautocad_architecturerevitcivil_3dautocad_plant_3dautocad_mepautocad_ltautocadadvance_steelautocad_mechanicalautocad_electricalAutoCAD MAP 3DAdvance SteelAutoCAD MEPAutoCAD ElectricalAutoCAD MechanicalAutoCAD Plant 3DAutoCADAutoCAD ArchitectureCivil 3DRevitAutoCAD LTRevit LT
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-8892
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.17%
||
7 Day CHG~0.00%
Published-22 Sep, 2025 | 19:01
Updated-07 Nov, 2025 | 15:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PRT File Parsing Memory Corruption Vulnerability

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_architecturerevitautocadinventorautocad_mechanicalrevit_ltautocad_electricalautocad_map_3dinfraworksvaultshared_componentsautocad_plant_3dautocad_mep3ds_maxadvance_steelcivil_3dShared Components
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-8894
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.02% / 5.23%
||
7 Day CHG-0.02%
Published-16 Sep, 2025 | 14:19
Updated-06 Oct, 2025 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PDF File Parsing Heap-Based Buffer Overflow Vulnerability

A maliciously crafted PDF file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_map_3dautocad_architectureautocad_mechanicalrevitautocad_plant_3dautocad_mepautocadadvance_steelautocad_ltautocad_electricalcivil_3dAutoCAD MAP 3DAdvance SteelAutoCAD MEPAutoCAD ElectricalAutoCAD MechanicalAutoCAD Plant 3DAutoCADAutoCAD ArchitectureCivil 3DRevitAutoCAD LTRevit LT
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2021-27031
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.26% / 48.80%
||
7 Day CHG~0.00%
Published-19 Apr, 2021 | 15:10
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in FBX's Review causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-fbx_reviewAutodesk FBX Review
CWE ID-CWE-416
Use After Free
CVE-2021-27041
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.37% / 58.17%
||
7 Day CHG~0.00%
Published-25 Jun, 2021 | 12:41
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code

Action-Not Available
Vendor-iconicsn/aMitsubishi Electric CorporationAutodesk Inc.
Product-mc_works64autocad_mechanicaldesign_reviewautocad_plant_3dautocad_map_3dautocad_ltadvance_steelautocadautocad_electricalautocad_architecturecivil_3dgenesis64autocad_mepAutodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-27036
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.27% / 50.40%
||
7 Day CHG~0.00%
Published-09 Jul, 2021 | 14:17
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted PCX, PICT, RCL, TIF, BMP, PSD or TIFF file can be used to write beyond the allocated buffer while parsing PCX, PDF, PICT, RCL, BMP, PSD or TIFF files. This vulnerability can be exploited to execute arbitrary code

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-design_reviewAutodesk Design Review
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-27035
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.27% / 50.40%
||
7 Day CHG~0.00%
Published-09 Jul, 2021 | 14:16
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted TIFF, TIF, PICT, TGA, or DWF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA or DWF files. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-design_reviewAutodesk Design Review
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-27039
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.26% / 49.23%
||
7 Day CHG~0.00%
Published-09 Jul, 2021 | 14:18
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted TIFF and PCX file can be forced to read and write beyond allocated boundaries when parsing the TIFF and PCX file for based overflow. This vulnerability can be exploited to execute arbitrary code.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocaddesign_reviewAutodesk Design Review
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-27044
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.97% / 76.23%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 14:11
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted DLL files or information disclosure.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-fbx_reviewAutodesk FBX Review
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-27042
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.37% / 58.17%
||
7 Day CHG~0.00%
Published-25 Jun, 2021 | 12:41
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. The vulnerability exists because the application fails to handle a crafted DWG file, which causes an unhandled exception. An attacker can leverage this vulnerability to execute arbitrary code.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_mechanicalautocad_plant_3dautocad_map_3dautocad_ltadvance_steelautocadautocad_electricalautocad_architecturecivil_3dautocad_mepAutodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2021-27028
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.73% / 72.19%
||
7 Day CHG~0.00%
Published-19 Apr, 2021 | 15:09
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Memory Corruption Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to remote code execution through maliciously crafted DLL files.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-fbx_reviewAutodesk FBX Review
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-27043
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.22% / 44.03%
||
7 Day CHG~0.00%
Published-25 Jun, 2021 | 12:41
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Arbitrary Address Write issue in the Autodesk DWG application can allow a malicious user to leverage the application to write in unexpected paths. In order to exploit this the attacker would need the victim to enable full page heap in the application.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_mechanicalautocad_plant_3dautocad_map_3dautocad_ltadvance_steelautocadautocad_electricaldwg_trueviewautocad_architecturecivil_3dautocad_mepAutodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-27045
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.42% / 61.30%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 16:35
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted PDF file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the PDF file. This vulnerability can be exploited to execute arbitrary code.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-navisworksAutodesk Navisworks
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-27033
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.89% / 75.12%
||
7 Day CHG~0.00%
Published-09 Jul, 2021 | 14:12
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Double Free vulnerability allows remote attackers to execute arbitrary code on PDF files within affected installations of Autodesk Design Review 2018, 2017, 2013, 2012, 2011. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-design_reviewAutodesk Design Review
CWE ID-CWE-415
Double Free
CVE-2021-27038
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.31% / 53.37%
||
7 Day CHG~0.00%
Published-09 Jul, 2021 | 14:17
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Type Confusion vulnerability in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can occur when processing a maliciously crafted PDF file. A malicious actor can leverage this to execute arbitrary code.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-design_reviewAutodesk Design Review
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2021-27027
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.56%
||
7 Day CHG~0.00%
Published-19 Apr, 2021 | 15:08
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to code execution through maliciously crafted DLL files or information disclosure.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-fbx_reviewAutodesk FBX Review
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-27037
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.48% / 64.70%
||
7 Day CHG~0.00%
Published-09 Jul, 2021 | 14:17
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted PNG, PDF or DWF file in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by remote malicious actors to execute arbitrary code.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-design_reviewAutodesk Design Review
CWE ID-CWE-416
Use After Free
CVE-2021-27030
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-49.33% / 97.70%
||
7 Day CHG~0.00%
Published-19 Apr, 2021 | 15:10
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A user may be tricked into opening a malicious FBX file which may exploit a Directory Traversal Remote Code Execution vulnerability in FBX’s Review causing it to run arbitrary code on the system.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-fbx_reviewAutodesk FBX Review
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-27046
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.77%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 16:35
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Memory Corruption vulnerability for PDF files in Autodesk Navisworks 2019, 2020, 2021, 2022 may lead to code execution through maliciously crafted DLL files.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-navisworksAutodesk Navisworks
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-27034
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.67% / 70.78%
||
7 Day CHG~0.00%
Published-09 Jul, 2021 | 14:16
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow could occur while parsing PICT, PCX, RCL or TIFF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011. This vulnerability can be exploited to execute arbitrary code.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-design_reviewAutodesk Design Review
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-7363
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.52% / 66.08%
||
7 Day CHG~0.00%
Published-23 Aug, 2019 | 19:35
Updated-04 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a use-after-free vulnerability, which may result in code execution.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-design_reviewAutodesk Design Review
CWE ID-CWE-416
Use After Free
CVE-2022-41303
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.11% / 29.29%
||
7 Day CHG+0.01%
Published-14 Oct, 2022 | 00:00
Updated-14 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in Autodesk FBX SDK 2020 version causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-fbx_software_development_kitFBX SDK
CWE ID-CWE-416
Use After Free
CVE-2022-42939
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.22% / 44.89%
||
7 Day CHG~0.00%
Published-21 Oct, 2022 | 00:00
Updated-07 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_civil_3dautocad_ltautocadautocad_mechanicalautocad_electricalautocad_plant_3ddesign_reviewautocad_advance_steelautocad_architectureautocad_mepautocad_map_3dAutodesk Design Review
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • Next
Details not found