Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-42940

Summary
Assigner-autodesk
Assigner Org ID-7e40ea87-bc65-4944-9723-dd79dd760601
Published At-21 Oct, 2022 | 00:00
Updated At-07 May, 2025 | 16:04
Rejected At-
Credits

A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:autodesk
Assigner Org ID:7e40ea87-bc65-4944-9723-dd79dd760601
Published At:21 Oct, 2022 | 00:00
Updated At:07 May, 2025 | 16:04
Rejected At:
▼CVE Numbering Authority (CNA)

A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Affected Products
Vendor
n/a
Product
Autodesk Design Review
Versions
Affected
  • 2018, 2017, 2013, 2012, 2011
Problem Types
TypeCWE IDDescription
textN/AMemory corruption vulnerability
Type: text
CWE ID: N/A
Description: Memory corruption vulnerability
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004
N/A
Hyperlink: https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004
x_transferred
Hyperlink: https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-787CWE-787 Out-of-bounds Write
Type: CWE
CWE ID: CWE-787
Description: CWE-787 Out-of-bounds Write
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@autodesk.com
Published At:21 Oct, 2022 | 16:15
Updated At:07 May, 2025 | 16:15

A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
Autodesk Inc.
autodesk
>>autocad>>2019
cpe:2.3:a:autodesk:autocad:2019:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad>>2020
cpe:2.3:a:autodesk:autocad:2020:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad>>2021
cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad>>2022
cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad>>2022
cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:macos:*:*
Autodesk Inc.
autodesk
>>autocad>>2023
cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_advance_steel>>2019
cpe:2.3:a:autodesk:autocad_advance_steel:2019:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_advance_steel>>2020
cpe:2.3:a:autodesk:autocad_advance_steel:2020:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_advance_steel>>2021
cpe:2.3:a:autodesk:autocad_advance_steel:2021:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_advance_steel>>2022
cpe:2.3:a:autodesk:autocad_advance_steel:2022:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_advance_steel>>2023
cpe:2.3:a:autodesk:autocad_advance_steel:2023:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_architecture>>2019
cpe:2.3:a:autodesk:autocad_architecture:2019:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_architecture>>2020
cpe:2.3:a:autodesk:autocad_architecture:2020:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_architecture>>2021
cpe:2.3:a:autodesk:autocad_architecture:2021:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_architecture>>2022
cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_architecture>>2023
cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_civil_3d>>2019
cpe:2.3:a:autodesk:autocad_civil_3d:2019:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_civil_3d>>2020
cpe:2.3:a:autodesk:autocad_civil_3d:2020:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_civil_3d>>2021
cpe:2.3:a:autodesk:autocad_civil_3d:2021:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_civil_3d>>2022
cpe:2.3:a:autodesk:autocad_civil_3d:2022:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_civil_3d>>2023
cpe:2.3:a:autodesk:autocad_civil_3d:2023:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_electrical>>2019
cpe:2.3:a:autodesk:autocad_electrical:2019:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_electrical>>2020
cpe:2.3:a:autodesk:autocad_electrical:2020:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_electrical>>2021
cpe:2.3:a:autodesk:autocad_electrical:2021:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_electrical>>2022
cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_electrical>>2023
cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_lt>>2019
cpe:2.3:a:autodesk:autocad_lt:2019:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_lt>>2020
cpe:2.3:a:autodesk:autocad_lt:2020:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_lt>>2021
cpe:2.3:a:autodesk:autocad_lt:2021:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_lt>>2022
cpe:2.3:a:autodesk:autocad_lt:2022:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_lt>>2022
cpe:2.3:a:autodesk:autocad_lt:2022:*:*:*:*:macos:*:*
Autodesk Inc.
autodesk
>>autocad_lt>>2023
cpe:2.3:a:autodesk:autocad_lt:2023:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_map_3d>>2019
cpe:2.3:a:autodesk:autocad_map_3d:2019:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_map_3d>>2020
cpe:2.3:a:autodesk:autocad_map_3d:2020:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_map_3d>>2021
cpe:2.3:a:autodesk:autocad_map_3d:2021:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_map_3d>>2022
cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_map_3d>>2023
cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mechanical>>2019
cpe:2.3:a:autodesk:autocad_mechanical:2019:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mechanical>>2020
cpe:2.3:a:autodesk:autocad_mechanical:2020:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mechanical>>2021
cpe:2.3:a:autodesk:autocad_mechanical:2021:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mechanical>>2022
cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mechanical>>2023
cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mep>>2019
cpe:2.3:a:autodesk:autocad_mep:2019:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mep>>2020
cpe:2.3:a:autodesk:autocad_mep:2020:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mep>>2021
cpe:2.3:a:autodesk:autocad_mep:2021:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mep>>2022
cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_mep>>2023
cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_plant_3d>>2019
cpe:2.3:a:autodesk:autocad_plant_3d:2019:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_plant_3d>>2020
cpe:2.3:a:autodesk:autocad_plant_3d:2020:*:*:*:*:*:*:*
Autodesk Inc.
autodesk
>>autocad_plant_3d>>2021
cpe:2.3:a:autodesk:autocad_plant_3d:2021:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE-787Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-787
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004psirt@autodesk.com
Patch
Vendor Advisory
https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
Hyperlink: https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004
Source: psirt@autodesk.com
Resource:
Patch
Vendor Advisory
Hyperlink: https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

2552Records found
CVE-2023-25007
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.94%
||
7 Day CHG~0.00%
Published-12 May, 2023 | 00:00
Updated-24 Jan, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious actor may convince a user to open a malicious USD file that may trigger an uninitialized pointer which could result in code execution.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-3ds_max_usdAutodesk 3ds Max USD Plugin
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2023-25010
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.07% / 23.02%
||
7 Day CHG~0.00%
Published-17 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious actor may convince a victim to open a malicious USD file that may trigger an uninitialized variable which may result in code execution.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-maya_usdAutodesk Maya USD Plugin
CWE ID-CWE-665
Improper Initialization
CVE-2023-25008
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.08% / 25.08%
||
7 Day CHG~0.00%
Published-12 May, 2023 | 00:00
Updated-24 Jan, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds read vulnerability which could result in code execution.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-3ds_max_usdAutodesk 3ds Max USD Plugin
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-25005
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.17%
||
7 Day CHG~0.00%
Published-12 May, 2023 | 00:00
Updated-27 Jan, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted DLL file can be forced to read beyond allocated boundaries in Autodesk InfraWorks 2023, and 2021 when parsing the DLL files could lead to a resource injection vulnerability.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-infraworksAutodesk InfraWorks
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2024-37002
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.13% / 33.57%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 03:07
Updated-27 Aug, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted MODEL file, when parsed in ASMkern229A.dllthrough Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_map_3dautocad_architectureautocad_electricalautocadautocad_mepautocad_plant_3dautocad_mechanicalcivil_3dadvance_steelAutoCAD ArchitectureAutoCADAutoCAD MAP 3DAutoCAD MEPAdvance SteelCivil 3DAutoCAD Plant 3DAutoCAD ElectricalAutoCAD Mechanical
CWE ID-CWE-457
Use of Uninitialized Variable
CVE-2023-25001
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.07% / 23.15%
||
7 Day CHG~0.00%
Published-27 Jun, 2023 | 00:00
Updated-05 Dec, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted SKP file in Autodesk Navisworks 2023 and 2022 be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-navisworksNavisworks
CWE ID-CWE-416
Use After Free
CVE-2022-41303
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.88%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-14 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in Autodesk FBX SDK 2020 version causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-fbx_software_development_kitFBX SDK
CWE ID-CWE-416
Use After Free
CVE-2024-23128
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.27% / 50.42%
||
7 Day CHG-0.42%
Published-22 Feb, 2024 | 03:18
Updated-28 Aug, 2025 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted MODEL file, when parsed in libodxdll.dll and ASMDATAX229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architectureautocad_mechanicalcivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_plant_3dAutoCADAutoCAD MechanicalAdvance SteelAutoCAD ArchitectureCivil 3DAutoCAD Plant 3DAutoCAD MEPAutoCAD MAP 3DAutoCAD Electricalautocad_civil_3dautocad_advance_steelautocad
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-23145
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.24% / 46.32%
||
7 Day CHG-0.36%
Published-25 Jun, 2024 | 02:27
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted PRT file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dcivil_3dadvance_steelautocad
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-23141
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.24% / 46.32%
||
7 Day CHG-0.36%
Published-25 Jun, 2024 | 01:22
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted MODEL file, when parsed in libodxdll through Autodesk applications, can cause a double free. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3d
CWE ID-CWE-415
Double Free
CVE-2024-23136
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.38%
||
7 Day CHG-0.57%
Published-22 Feb, 2024 | 04:48
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted STP file in ASMKERN228A.dll when parsed through Autodesk applications can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architectureautocad_mechanicalcivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocad_civil_3dautocadautocad_advance_steel
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2024-23142
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.24% / 46.44%
||
7 Day CHG-0.36%
Published-25 Jun, 2024 | 01:24
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted CATPART, STP, and MODEL file, when parsed in atf_dwg_consumer.dll, rose_x64_vc15.dll and libodxdll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3d
CWE ID-CWE-416
Use After Free
CVE-2024-23138
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.33% / 54.89%
||
7 Day CHG-0.50%
Published-17 Mar, 2024 | 23:56
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack-based Overflow Vulnerability in the TrueViewTM Desktop Software

A maliciously crafted DWG file when parsed through Autodesk DWG TrueView can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_ltautocad_electricaladvance_steelautocad_map_3ddwg_trueviewautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MacAutoCAD MAP 3DAutoCAD ElectricalAutoCAD LT for MacAutoCAD MEPDWG TrueViewAutoCAD ArchitectureAutoCAD LTAutoCAD MechanicalCivil 3Dautocadautocad_architectureautocad_civil_3dautocad_electricalautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dautocad_advance_steel
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-23133
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.09% / 27.07%
||
7 Day CHG-0.17%
Published-22 Feb, 2024 | 04:11
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted STP file in ASMDATAX228A.dll when parsed through Autodesk applications can lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architectureautocad_mechanicalcivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocad_civil_3dautocadautocad_advance_steel
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-23153
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.31% / 53.43%
||
7 Day CHG-0.47%
Published-25 Jun, 2024 | 03:26
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products

A maliciously crafted MODEL file, when parsed in libodx.dll through Autodesk applications, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3d
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-23149
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.31% / 53.41%
||
7 Day CHG-0.01%
Published-25 Jun, 2024 | 02:43
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted SLDDRW file, when parsed in ODXSW_DLL.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3D
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-23140
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.27% / 50.32%
||
7 Day CHG-0.42%
Published-25 Jun, 2024 | 01:01
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted 3DM and MODEL file, when parsed in opennurbs.dll and atf_api.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3d
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-23158
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.51% / 65.37%
||
7 Day CHG+0.23%
Published-25 Jun, 2024 | 03:31
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products

A maliciously crafted IGES file, when parsed in ASMImport229A.dll through Autodesk applications, can be used to cause a use-after-free vulnerability. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architectureautocad_mechanicalcivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dcivil_3dautocad_advance_steel
CWE ID-CWE-416
Use After Free
CVE-2024-23132
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.26% / 49.24%
||
7 Day CHG~0.00%
Published-22 Feb, 2024 | 04:10
Updated-26 Aug, 2025 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted STP file in atf_dwg_consumer.dll when parsed through Autodesk applications can lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_mechanicalautocad_architectureautocad_plant_3dadvance_steelautocad_electricalautocad_map_3dautocad_mepautocadcivil_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocad_civil_3dautocadautocad_advance_steel
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-23137
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-2.17% / 83.66%
||
7 Day CHG~0.00%
Published-22 Feb, 2024 | 04:49
Updated-28 Aug, 2025 | 14:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted STP or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocad_mechanicalautocad_architectureautocad_plant_3dadvance_steelautocad_electricalautocad_map_3dautocad_mepautocadcivil_3dAutoCADAutoCAD MechanicalAdvance SteelAutoCAD ArchitectureCivil 3DAutoCAD Plant 3DAutoCAD MEPAutoCAD MAP 3DAutoCAD Electricalautocad_civil_3dautocad_advance_steelautocad
CWE ID-CWE-457
Use of Uninitialized Variable
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2024-23135
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.69% / 70.76%
||
7 Day CHG-1.04%
Published-22 Feb, 2024 | 04:34
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted SLDPRT file in ASMkern228A.dll when parsed through Autodesk applications can be used in user-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architectureautocad_mechanicalcivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocad_civil_3dautocadautocad_advance_steel
CWE ID-CWE-416
Use After Free
CVE-2024-23129
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.23% / 46.18%
||
7 Day CHG-0.36%
Published-22 Feb, 2024 | 03:24
Updated-28 Aug, 2025 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted MODEL 3DM, STP, or SLDASM file, when in opennurbs.dll parsed through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architectureautocad_mechanicalcivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_plant_3dAutoCADAutoCAD MechanicalAdvance SteelAutoCAD ArchitectureCivil 3DAutoCAD Plant 3DAutoCAD MEPAutoCAD MAP 3DAutoCAD Electricalautocad_civil_3dautocad_advance_steelautocad
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-23159
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.57% / 67.65%
||
7 Day CHG-0.87%
Published-25 Jun, 2024 | 03:33
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products

A maliciously crafted STP file, when parsed in stp_aim_x64_vc15d.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3Dautocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3d
CWE ID-CWE-457
Use of Uninitialized Variable
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2022-33881
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.13% / 33.81%
||
7 Day CHG~0.00%
Published-29 Jul, 2022 | 15:18
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Parsing a maliciously crafted PRT file can force Autodesk AutoCAD 2023 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_advance_steelautocad_mechanicalautocad_plant_3dautocad_map_3dautocadautocad_civil_3dautocad_electricalautocad_ltautocad_architectureautocad_mepAutodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-33887
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.09% / 26.06%
||
7 Day CHG~0.00%
Published-03 Oct, 2022 | 14:24
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted PDF file when parsed through Autodesk AutoCAD 2023 causes an unhandled exception. An attacker can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_advance_steelautocad_mechanicalautocad_plant_3dautocad_map_3dautocadautocad_civil_3dautocad_electricalautocad_ltautocad_architectureautocad_meputodesk® AutoCAD®, Advance Steel and Civil 3D®
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2024-23130
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.10%
||
7 Day CHG-0.48%
Published-22 Feb, 2024 | 03:33
Updated-28 Aug, 2025 | 14:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architectureautocad_mechanicalcivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_plant_3dAutoCADAutoCAD MechanicalAdvance SteelAutoCAD ArchitectureCivil 3DAutoCAD Plant 3DAutoCAD MEPAutoCAD MAP 3DAutoCAD Electricalautocad_civil_3dautocad_advance_steelautocad
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-23131
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.10%
||
7 Day CHG-0.48%
Published-22 Feb, 2024 | 04:05
Updated-28 Aug, 2025 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Vulnerabilities in the Autodesk AutoCAD Desktop Software

A maliciously crafted STP file, when parsed in ASMIMPORT229A.dll, ASMKERN228A.dll, ASMkern229A.dll or ASMDATAX228A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architectureautocad_mechanicalcivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_plant_3dAutoCADAutoCAD MechanicalAdvance SteelAutoCAD ArchitectureCivil 3DAutoCAD Plant 3DAutoCAD MEPAutoCAD MAP 3DAutoCAD Electricalautocad_civil_3dautocad_advance_steelautocad
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-23152
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.42% / 60.86%
||
7 Day CHG+0.09%
Published-25 Jun, 2024 | 03:25
Updated-26 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products

A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_architecturecivil_3dautocad_electricaladvance_steelautocad_map_3dautocad_mepautocad_mechanicalautocad_plant_3dAdvance SteelAutoCADAutoCAD Plant 3DAutoCAD MAP 3DAutoCAD ElectricalAutoCAD MEPAutoCAD ArchitectureAutoCAD MechanicalCivil 3D
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-11454
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.22%
||
7 Day CHG+0.02%
Published-09 Dec, 2024 | 17:48
Updated-28 Aug, 2025 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Untrusted Search Path vulnerability in Autodesk Revit

A maliciously crafted DLL file, when placed in the same directory as an RVT file could be loaded by Autodesk Revit, and execute arbitrary code in the context of the current process due to an untrusted search patch being utilized.

Action-Not Available
Vendor-Autodesk Inc.
Product-revitRevitrevit
CWE ID-CWE-426
Untrusted Search Path
CVE-2021-40166
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.08%
||
7 Day CHG~0.00%
Published-07 Oct, 2022 | 00:00
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-infrastructure_parts_editorautocad_mechanicaldesign_reviewnavisworksautocad_map_3dautocadautocad_civil_3dautocad_architectureautocad_mepautocad_advance_steelinventorstorm_and_sanitary_analysisautocad_plant_3dautocad_ltautocad_electricalinfraworksfusiondwg_trueviewrevitRevit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D
CWE ID-CWE-416
Use After Free
CVE-2021-40167
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.42% / 60.98%
||
7 Day CHG~0.00%
Published-25 Jan, 2022 | 19:11
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-design_reviewAutodesk® Design Review
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-27038
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.31% / 53.27%
||
7 Day CHG~0.00%
Published-09 Jul, 2021 | 14:17
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Type Confusion vulnerability in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can occur when processing a maliciously crafted PDF file. A malicious actor can leverage this to execute arbitrary code.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-design_reviewAutodesk Design Review
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2021-27045
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.42% / 60.98%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 16:35
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted PDF file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the PDF file. This vulnerability can be exploited to execute arbitrary code.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-navisworksAutodesk Navisworks
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-27033
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.89% / 74.61%
||
7 Day CHG~0.00%
Published-09 Jul, 2021 | 14:12
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Double Free vulnerability allows remote attackers to execute arbitrary code on PDF files within affected installations of Autodesk Design Review 2018, 2017, 2013, 2012, 2011. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-design_reviewAutodesk Design Review
CWE ID-CWE-415
Double Free
CVE-2022-27866
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.40%
||
7 Day CHG~0.00%
Published-29 Jul, 2022 | 19:01
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted TIFF file when consumed through DesignReview.exe application can be forced to read beyond allocated boundaries when parsing the TIFF file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-design_reviewAutodesk Design Review
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-27872
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.42% / 60.98%
||
7 Day CHG~0.00%
Published-21 Jun, 2022 | 14:23
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted PDF file may be used to dereference a pointer for read or write operation while parsing PDF files in Autodesk Navisworks 2022. The vulnerability exists because the application fails to handle a crafted PDF file, which causes an unhandled exception. An attacker can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-navisworksNavisworks
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2022-27868
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.52% / 65.61%
||
7 Day CHG~0.00%
Published-21 Jun, 2022 | 14:23
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted CAT file in Autodesk AutoCAD 2023 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocadAutodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D
CWE ID-CWE-416
Use After Free
CVE-2022-27867
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.52% / 65.61%
||
7 Day CHG~0.00%
Published-21 Jun, 2022 | 14:23
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted JT file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocadAutodesk Inventor, Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D
CWE ID-CWE-416
Use After Free
CVE-2022-27528
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.68% / 70.60%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted DWFX and SKP files in Autodesk Navisworks 2022 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-navisworksAutodesk Navisworks
CWE ID-CWE-416
Use After Free
CVE-2020-7080
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.50% / 64.74%
||
7 Day CHG~0.00%
Published-17 Apr, 2020 | 17:52
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitrary code execution on a system running it.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-fbx_software_development_kitAutodesk FBX-SDK
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-7079
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.13% / 33.31%
||
7 Day CHG~0.00%
Published-17 Apr, 2020 | 17:54
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper signature validation vulnerability in Autodesk Dynamo BIM versions 2.5.1 and 2.5.0 may lead to code execution through maliciously crafted DLL files.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-dynamo_bimAutodesk Dynamo BIM
CWE ID-CWE-426
Untrusted Search Path
CVE-2022-42945
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.64% / 69.57%
||
7 Day CHG~0.00%
Published-19 Dec, 2022 | 00:00
Updated-17 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DWG TrueViewTM 2023 version has a DLL Search Order Hijacking vulnerability. Successful exploitation by a malicious attacker could result in remote code execution on the target system.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-dwg_trueviewDWG TrueView
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-25794
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.42% / 60.98%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 00:00
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.2 and prior may lead to code execution through maliciously crafted ActionScript Byte Code 'ABC' files or information disclosure. ABC files are created by the Flash compiler and contain executable code. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-fbx_reviewAutodesk FBX Review
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-25796
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.42% / 60.98%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Double Free vulnerability allows remote malicious actors to execute arbitrary code on DWF file in Autodesk Navisworks 2022 within affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-navisworksAutodesk Navisworks
CWE ID-CWE-415
Double Free
CVE-2022-25789
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.68% / 70.60%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A maliciously crafted DWF, 3DS and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocad_mechanicalautocad_plant_3dautocad_map_3dautocad_ltadvance_steelautocadautocad_electricalautocad_architecturecivil_3dautocad_mepAutodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D
CWE ID-CWE-416
Use After Free
CVE-2022-25793
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.53%
||
7 Day CHG-0.03%
Published-10 Aug, 2022 | 16:03
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Stack-based Buffer Overflow Vulnerability in Autodesk 3ds Max 2022, 2021, and 2020 may lead to code execution through the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer when parsing ActionScript Byte Code files. This vulnerability may allow arbitrary code execution on affected installations of Autodesk 3ds Max.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-3ds_maxAutodesk 3ds Max
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2022-25795
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.49% / 64.69%
||
7 Day CHG~0.00%
Published-13 Apr, 2022 | 00:00
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Memory Corruption Vulnerability in Autodesk TrueView 2022 and 2021 may lead to remote code execution through maliciously crafted DWG files.

Action-Not Available
Vendor-n/aAutodesk Inc.
Product-autocadRevit, Navisworks, Autodesk® Advance Steel, AutoCAD®, AutoCAD® Architecture, AutoCAD® Electrical, AutoCAD® Map 3D, AutoCAD® Mechanical, AutoCAD® MEP, AutoCAD® Plant 3D, AutoCAD® LT, Autodesk® Civil 3D, AutoCAD® Mac, AutoCAD® LT for Mac
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2025-6635
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.40%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 17:53
Updated-19 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PRT File Parsing Out-of-Bounds Read Vulnerability

A maliciously crafted PRT file, when linked or imported into certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-autocadautocad_electricalinventorinfraworksadvance_steelrevit_ltcivil_3drevitautocad_mepautocad_architectureautocad_mechanicalshared_componentsautocad_plant_3dvault3ds_maxautocad_map_3dShared Components
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-6632
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-5.3||MEDIUM
EPSS-0.01% / 1.46%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 20:42
Updated-19 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PSD File Parsing Out-of-Bounds Read Vulnerability

A maliciously crafted PSD file, when linked or imported into Autodesk 3ds Max, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-3ds_max3ds Max
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-6634
Matching Score-8
Assigner-Autodesk
ShareView Details
Matching Score-8
Assigner-Autodesk
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.40%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 20:43
Updated-19 Aug, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TGA File Parsing Memory Corruption Vulnerability

A maliciously crafted TGA file, when linked or imported into Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

Action-Not Available
Vendor-Autodesk Inc.
Product-3ds_max3ds Max
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 51
  • 52
  • Next
Details not found