MidnightBSD

Advisories for autodesk

CVE-2005-4710 MEDIUM

Unspecified vulnerability in multiple Autodesk and AutoCAD products and product families from 2006 and earlier allows remote attackers to "gain inappropriate access to another local user's computer," aka ID DL5549329.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
autodesk autocad_electrical 2005
autodesk autocad_lt 2005
autodesk 3ds_max 7
autodesk map_3d 2006
autodesk autocad_electrical 2006
autodesk building_systems 2005
autodesk inventor 10
autodesk land_desktop 2005
autodesk map_3d 2005
autodesk architectural_desktop 2006
autodesk autocad 2005
autodesk autocad 2006
autodesk civil_design 2005
autodesk survey 2005
autodesk building_systems 2006
autodesk revit 7
autodesk land_desktop 2006
autodesk survey 2006
autodesk raster_design 2005
autodesk revit_structure 6
autodesk revit 8
autodesk autocad_mechanical 2006
autodesk raster_design 2006
autodesk autocad_civil_3d 2005
autodesk architectural_desktop 2005
autodesk inventor 9
autodesk revit_structure 8.1
autodesk autocad_mechanical 2005
autodesk autocad_lt 2006
autodesk utility_design 2005
autodesk autocad_civil_3d 2006
autodesk viz 2006
CVE-2013-3665 MEDIUM

Unspecified vulnerability in Autodesk AutoCAD through 2014, AutoCAD LT through 2014, and DWG TrueView through 2014 allows remote attackers to execute arbitrary code via a crafted DWG file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
autodesk autocad_architecture 2011
autodesk autocad_lt 2014
autodesk autocad_structural_detailing 2013
autodesk autocad 2013
autodesk autocad_structural_detailing 2012
autodesk autocad_utility_design 2013
autodesk autocad 2012
autodesk autocad_electrical 2013
autodesk dwg_trueview 2014
autodesk autocad_map_3d 2014
autodesk autocad_mechanical 2012
autodesk autocad_ecscad 2011
autodesk autocad_lt 2011
autodesk autocad_map_3d 2012
autodesk autocad_ecscad 2012
autodesk autocad_electrical 2011
autodesk autocad_mep 2014
autodesk autocad_ecscad 2014
autodesk autocad_architecture 2013
autodesk autocad_ecscad 2013
autodesk autocad_mechanical 2014
autodesk autocad_plant_3d 2012
autodesk autocad 2011
autodesk autocad_civil_3d 2014
autodesk dwg_trueview 2012
autodesk autocad 2014
autodesk autocad_lt 2012
autodesk autocad_mechanical 2011
autodesk autocad_plant_3d 2013
autodesk autocad_lt 2013
autodesk autocad_utility_design 2011
autodesk dwg_trueview 2011
autodesk autocad_civil_3d 2012
autodesk autocad_map_3d 2013
autodesk autocad_architecture 2014
autodesk autocad_utility_design 2012
autodesk autocad_mep 2012
autodesk autocad_map_3d 2011
autodesk autocad_civil_3d 2011
autodesk autocad_p&id 2011
autodesk autocad_civil_3d 2013
autodesk autocad_p&id 2013
autodesk autocad_electrical 2014
autodesk autocad_p&id 2012
autodesk autocad_structural_detailing 2011
autodesk dwg_trueview 2013
autodesk autocad_architecture 2012
autodesk autocad_utility_design 2014
autodesk autocad_electrical 2012
autodesk autocad_p&id 2014
autodesk autocad_mep 2013
autodesk autocad_structural_detailing 2014
autodesk autocad_mep 2011
autodesk autocad_mechanical 2013
autodesk autocad_plant_3d 2011
autodesk autocad_plant_3d 2014
CVE-2013-5365 HIGH

Heap-based buffer overflow in Autodesk SketchBook for Enterprise 2014, Pro, and Express before 6.25, and Copic Edition before 2.0.2 allows remote attackers to execute arbitrary code via RLE-compressed channel data in a PSD file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
autodesk sketchbook *
autodesk sketchbook_express *
autodesk sketchbook_for_enterprise_2014 *
autodesk sketchbook_pro *
CVE-2014-0818 HIGH

Untrusted search path vulnerability in Autodesk AutoCAD before 2014 allows local users to gain privileges and execute arbitrary VBScript code via a Trojan horse FAS file in the FAS file search path.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
autodesk autocad *
CVE-2014-0819 MEDIUM

Untrusted search path vulnerability in Autodesk AutoCAD before 2014 allows local users to gain privileges via a Trojan horse DLL in the current working directory.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
autodesk autocad *
CVE-2014-2967 HIGH

Autodesk VRED Professional 2014 before SR1 SP8 allows remote attackers to execute arbitrary code via Python os library calls in Python API commands to the integrated web server.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
autodesk vred 2014
CVE-2014-3938 HIGH

Integer overflow in Autodesk SketchBook Pro before 6.2.6 allows remote attackers to execute arbitrary code via crafted layer mask data in a PSD file, which triggers a heap-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
autodesk sketchbook_pro 6.2.4
autodesk sketchbook_pro *
CVE-2014-3939 HIGH

Heap-based buffer overflow in Autodesk SketchBook Pro before 6.2.6 allows remote attackers to execute arbitrary code via crafted layer bitmap data in a PXD file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
autodesk sketchbook_pro 6.2.4
autodesk sketchbook_pro *
CVE-2014-9268 MEDIUM

The AdView.AdViewer.1 ActiveX control in Autodesk Design Review (ADR) before 2013 Hotfix 1 allows remote attackers to execute arbitrary code via a crafted DWF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
autodesk design_review *
CVE-2015-8571 MEDIUM

Integer overflow in Autodesk Design Review (ADR) before 2013 Hotfix 2 allows remote attackers to execute arbitrary code via a crafted biClrUsed value in a BMP file, which triggers a buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
autodesk design_review 2013
CVE-2015-8572 MEDIUM

Multiple buffer overflows in Autodesk Design Review (ADR) before 2013 Hotfix 2 allow remote attackers to execute arbitrary code via crafted RLE data in a (1) BMP or (2) FLI file, (3) encoded scan lines in a PCX file, or (4) DataSubBlock or (5) GlobalColorTable in a GIF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
autodesk design_review 2013
CVE-2016-2344 HIGH

Stack-based buffer overflow in manager.exe in Backburner Manager in Autodesk Backburner 2016 2016.0.0.2150 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted command. NOTE: this is only a vulnerability in environments in which the administrator has not followed documentation that outlines the security risks of operating Backburner on untrusted networks.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
autodesk autodesk_backburner *
CVE-2016-9303 HIGH

Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code or cause an infinite loop condition when reading or converting malformed FBX format files.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
autodesk fbx_software_development_kit *
CVE-2016-9304 MEDIUM

Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DFX format files.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
autodesk fbx_software_development_kit *
CVE-2016-9305 HIGH

Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain access to uninitialized pointers.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-19,

Products Affected

Vendor Product Version
autodesk fbx_software_development_kit *
CVE-2016-9306 HIGH

Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DAE format files.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
autodesk fbx_software_development_kit *
CVE-2016-9307 HIGH

Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed 3DS format files.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
autodesk fbx_software_development_kit *
CVE-2019-7358 MEDIUM

An exploitable heap overflow vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file may cause a heap overflow, resulting in code execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
autodesk autocad_map_3d 2018
autodesk advance_steel 2018
autodesk civil_3d 2018
autodesk autocad_architecture 2018
autodesk autocad_lt 2018
autodesk autocad_mep 2018
autodesk autocad 2018
autodesk autocad_electrical 2018
autodesk autocad_mechanical 2018
autodesk autocad_plant_3d 2018
autodesk autocad_p&id 2018
CVE-2019-7359 MEDIUM

An exploitable heap overflow vulnerability in the AcCellMargin handling code in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file with too many cell margins populating an AcCellMargin object may cause a heap overflow, resulting in code execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
autodesk autocad_map_3d 2018
autodesk advance_steel 2018
autodesk civil_3d 2018
autodesk autocad_architecture 2018
autodesk autocad_lt 2018
autodesk autocad_mep 2018
autodesk autocad 2018
autodesk autocad_electrical 2018
autodesk autocad_mechanical 2018
autodesk autocad_plant_3d 2018
autodesk autocad_p&id 2018
CVE-2019-7360 MEDIUM

An exploitable use-after-free vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file may trigger a use-after-free, resulting in code execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
autodesk autocad_map_3d 2018
autodesk advance_steel 2018
autodesk civil_3d 2018
autodesk autocad_architecture 2018
autodesk autocad_lt 2018
autodesk autocad_mep 2018
autodesk autocad 2018
autodesk autocad_electrical 2018
autodesk autocad_mechanical 2018
autodesk autocad_plant_3d 2018
autodesk autocad_p&id 2018
CVE-2019-7361 MEDIUM

An attacker may convince a victim to open a malicious action micro (.actm) file that has serialized data, which may trigger a code execution in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-502,

Products Affected

Vendor Product Version
autodesk autocad_map_3d 2018
autodesk advance_steel 2018
autodesk civil_3d 2018
autodesk autocad_architecture 2018
autodesk autocad_lt 2018
autodesk autocad_mep 2018
autodesk autocad 2018
autodesk autocad_electrical 2018
autodesk autocad_mechanical 2018
autodesk autocad_plant_3d 2018
autodesk autocad_p&id 2018
CVE-2019-7362 MEDIUM

DLL preloading vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a DLL preloading vulnerability, which may result in code execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,

Products Affected

Vendor Product Version
autodesk design_review 2013
autodesk design_review 2012
autodesk design_review 2018
autodesk design_review 2011
CVE-2019-7363 MEDIUM

Use-after-free vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a use-after-free vulnerability, which may result in code execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
autodesk design_review 2013
autodesk design_review 2012
autodesk design_review 2018
autodesk design_review 2011
CVE-2019-7364 MEDIUM

DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D and version 2017 of AutoCAD P&ID. An attacker may trick a user into opening a malicious DWG file that may leverage a DLL preloading vulnerability in AutoCAD which may result in code execution.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,

Products Affected

Vendor Product Version
autodesk autocad_architecture 2017
autodesk autocad_mep 2019
autodesk autocad_plant_3d 2020
autodesk autocad_plant_3d 2019
autodesk advance_steel 2019
autodesk autocad_p&id 2017
autodesk autocad_lt 2017
autodesk autocad_lt 2019
autodesk autocad_map_3d 2020
autodesk civil_3d 2017
autodesk civil_3d 2020
autodesk advance_steel 2020
autodesk autocad_electrical 2020
autodesk autocad_architecture 2020
autodesk autocad_mechanical 2019
autodesk autocad_electrical 2018
autodesk autocad_mechanical 2017
autodesk autocad_mechanical 2018
autodesk autocad_plant_3d 2018
autodesk autocad_plant_3d 2017
autodesk advance_steel 2017
autodesk autocad_mep 2020
autodesk autocad_lt 2020
autodesk autocad_architecture 2019
autodesk civil_3d 2018
autodesk autocad_mep 2017
autodesk autocad_mechanical 2020
autodesk autocad_architecture 2018
autodesk autocad 2018
autodesk autocad_electrical 2019
autodesk autocad_map_3d 2018
autodesk autocad_electrical 2017
autodesk autocad 2017
autodesk autocad 2020
autodesk civil_3d 2019
autodesk advance_steel 2018
autodesk autocad 2019
autodesk autocad_lt 2018
autodesk autocad_mep 2018
autodesk autocad_map_3d 2017
autodesk autocad_map_3d 2019
CVE-2019-7365 MEDIUM

DLL preloading vulnerability in Autodesk Desktop Application versions 7.0.16.29 and earlier. An attacker may trick a user into downloading a malicious DLL file into the working directory, which may then leverage a DLL preloading vulnerability and execute code on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-427,

Products Affected

Vendor Product Version
autodesk autodesk_desktop *
CVE-2019-7366 HIGH

Buffer overflow vulnerability in Autodesk FBX Software Development Kit version 2019.5. A user may be tricked into opening a malicious FBX file which may exploit a buffer overflow vulnerability causing it to run arbitrary code on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
autodesk fbx_software_development_kit 2019.5
CVE-2020-7079 MEDIUM

An improper signature validation vulnerability in Autodesk Dynamo BIM versions 2.5.1 and 2.5.0 may lead to code execution through maliciously crafted DLL files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-426,

Products Affected

Vendor Product Version
autodesk dynamo_bim 2.5.1
autodesk dynamo_bim 2.5.0
CVE-2020-7080 HIGH

A buffer overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitrary code execution on a system running it.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
autodesk fbx_software_development_kit *
CVE-2020-7081 HIGH

A type confusion vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitary code read/write on the system running it.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-843,

Products Affected

Vendor Product Version
autodesk fbx_software_development_kit *
CVE-2020-7082 HIGH

A use-after-free vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to code execution on a system running it.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,

Products Affected

Vendor Product Version
autodesk fbx_software_development_kit *
CVE-2020-7083 MEDIUM

An intager overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
autodesk fbx_software_development_kit *
CVE-2020-7084 MEDIUM

A NULL pointer dereference vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
autodesk fbx_software_development_kit *
CVE-2020-7085 HIGH

A heap overflow vulnerability in the Autodesk FBX-SDK versions 2019.2 and earlier may lead to arbitrary code execution on a system running it.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
autodesk fbx_software_development_kit *
CVE-2021-27027 MEDIUM

An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to code execution through maliciously crafted DLL files or information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
autodesk fbx_review *
CVE-2021-27028 MEDIUM

A Memory Corruption Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to remote code execution through maliciously crafted DLL files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
autodesk fbx_review *
CVE-2021-27029 MEDIUM

The user may be tricked into opening a malicious FBX file which may exploit a Null Pointer Dereference vulnerability in FBX's Review version 1.5.0 and prior causing the application to crash leading to a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
autodesk fbx_review *
CVE-2021-27030 HIGH

A user may be tricked into opening a malicious FBX file which may exploit a Directory Traversal Remote Code Execution vulnerability in FBX’s Review causing it to run arbitrary code on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
autodesk fbx_review *
CVE-2021-27031 HIGH

A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in FBX's Review causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,

Products Affected

Vendor Product Version
autodesk fbx_review *
CVE-2021-27032 HIGH

Autodesk Licensing Installer was found to be vulnerable to privilege escalation issues. A malicious user with limited privileges could run any number of tools on a system to identify services that are configured with weak permissions and are running under elevated privileges. These weak permissions could allow all users on the operating system to modify the service configuration and take ownership of the service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-276,

Products Affected

Vendor Product Version
autodesk licensing_services 9.0.1.1462.100
CVE-2021-27033 MEDIUM

A Double Free vulnerability allows remote attackers to execute arbitrary code on PDF files within affected installations of Autodesk Design Review 2018, 2017, 2013, 2012, 2011. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-415,

Products Affected

Vendor Product Version
autodesk design_review 2017
autodesk design_review 2013
autodesk design_review 2012
autodesk design_review 2018
autodesk design_review 2011
CVE-2021-27034 MEDIUM

A heap-based buffer overflow could occur while parsing PICT, PCX, RCL or TIFF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011. This vulnerability can be exploited to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
autodesk design_review 2017
autodesk design_review 2013
autodesk design_review 2012
autodesk design_review 2018
autodesk design_review 2011
CVE-2021-27035 MEDIUM

A maliciously crafted TIFF, TIF, PICT, TGA, or DWF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA or DWF files. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
autodesk design_review 2017
autodesk design_review 2013
autodesk design_review 2012
autodesk design_review 2018
autodesk design_review 2011
CVE-2021-27036 MEDIUM

A maliciously crafted PCX, PICT, RCL, TIF, BMP, PSD or TIFF file can be used to write beyond the allocated buffer while parsing PCX, PDF, PICT, RCL, BMP, PSD or TIFF files. This vulnerability can be exploited to execute arbitrary code

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
autodesk design_review 2017
autodesk design_review 2013
autodesk design_review 2012
autodesk design_review 2018
autodesk design_review 2011
CVE-2021-27037 MEDIUM

A maliciously crafted PNG, PDF or DWF file in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by remote malicious actors to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
autodesk design_review 2017
autodesk design_review 2013
autodesk design_review 2012
autodesk design_review 2018
autodesk design_review 2011
CVE-2021-27038 MEDIUM

A Type Confusion vulnerability in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can occur when processing a maliciously crafted PDF file. A malicious actor can leverage this to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-843,

Products Affected

Vendor Product Version
autodesk design_review 2017
autodesk design_review 2013
autodesk design_review 2012
autodesk design_review 2018
autodesk design_review 2011
CVE-2021-27039 MEDIUM

A maliciously crafted TIFF and PCX file can be forced to read and write beyond allocated boundaries when parsing the TIFF and PCX file for based overflow. This vulnerability can be exploited to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
autodesk design_review 2017
autodesk design_review 2013
autodesk design_review 2012
autodesk design_review 2018
autodesk design_review 2011
autodesk autocad *
CVE-2021-27040 MEDIUM

A maliciously crafted DWG file can be forced to read beyond allocated boundaries when parsing the DWG file. This vulnerability can be exploited to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 1.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
autodesk autocad_mechanical *
mitsubishielectric mc_works64 *
autodesk dwg_trueview *
autodesk autocad_electrical *
iconics genesis64 *
autodesk autocad_mep *
autodesk advance_steel *
autodesk autocad_map_3d *
autodesk autocad_lt *
autodesk autocad_plant_3d *
autodesk civil_3d *
autodesk autocad *
autodesk autocad_architecture *
CVE-2021-27041 MEDIUM

A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
autodesk autocad_mechanical *
mitsubishielectric mc_works64 *
autodesk autocad_electrical *
iconics genesis64 *
autodesk autocad_mep *
autodesk advance_steel *
autodesk autocad_map_3d *
autodesk autocad_lt *
autodesk autocad_plant_3d *
autodesk civil_3d *
autodesk design_review 2018
autodesk autocad *
autodesk autocad_architecture *
CVE-2021-27042 MEDIUM

A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. The vulnerability exists because the application fails to handle a crafted DWG file, which causes an unhandled exception. An attacker can leverage this vulnerability to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-755,

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_lt *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2021-27043 MEDIUM

An Arbitrary Address Write issue in the Autodesk DWG application can allow a malicious user to leverage the application to write in unexpected paths. In order to exploit this the attacker would need the victim to enable full page heap in the application.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_lt *
autodesk autocad_mechanical *
autodesk dwg_trueview *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2021-27044 MEDIUM

A Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted DLL files or information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-787,

Products Affected

Vendor Product Version
autodesk fbx_review 1.4.0
CVE-2021-27045 MEDIUM

A maliciously crafted PDF file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the PDF file. This vulnerability can be exploited to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
autodesk navisworks 2022
autodesk navisworks 2021
autodesk navisworks 2020
autodesk navisworks 2019
CVE-2021-27046 MEDIUM

A Memory Corruption vulnerability for PDF files in Autodesk Navisworks 2019, 2020, 2021, 2022 may lead to code execution through maliciously crafted DLL files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
autodesk navisworks 2022
autodesk navisworks 2021
autodesk navisworks 2020
autodesk navisworks 2019
CVE-2021-40155 MEDIUM

A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
autodesk navisworks 2022
autodesk navisworks 2021
autodesk navisworks 2020
autodesk navisworks 2019
CVE-2021-40156 MEDIUM

A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to write beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
autodesk navisworks 2022
autodesk navisworks 2021
autodesk navisworks 2020
autodesk navisworks 2019
CVE-2021-40157 HIGH

A user may be tricked into opening a malicious FBX file which may exploit an Untrusted Pointer Dereference vulnerability in FBX’s Review version 1.5.0 and prior causing it to run arbitrary code on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
autodesk fbx_review *
CVE-2021-40158 MEDIUM

A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 and AutoCAD 2022 may be forced to read beyond allocated boundaries when parsing the JT file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
autodesk autocad_mechanical *
autodesk inventor *
autodesk autocad_electrical *
autodesk inventor 2020
autodesk autocad_mep *
autodesk advance_steel *
autodesk autocad_map_3d *
autodesk autocad_lt *
autodesk inventor 2019
autodesk autocad_plant_3d *
autodesk inventor 2021
autodesk civil_3d *
autodesk autocad *
autodesk autocad_architecture *
CVE-2021-40159 MEDIUM

An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022, 2021, 2020, 2019 in conjunction with other vulnerabilities may lead to code execution through maliciously crafted JT files in the context of the current process.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
autodesk autocad_mechanical *
autodesk autocad_electrical *
autodesk inventor 2020
autodesk autocad_mep *
autodesk advance_steel *
autodesk autocad_map_3d *
autodesk autocad_lt *
autodesk inventor 2019
autodesk autocad_plant_3d *
autodesk inventor 2021
autodesk civil_3d *
autodesk autocad *
autodesk inventor 2022
autodesk autocad_architecture *
CVE-2021-40160 MEDIUM

PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
autodesk autocad_mechanical *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk navisworks *
autodesk advance_steel *
autodesk revit *
autodesk autocad_map_3d *
autodesk autocad_lt *
autodesk autocad_plant_3d *
autodesk civil_3d *
autodesk design_review 2018
autodesk autocad *
autodesk autocad_architecture *
CVE-2021-40161 MEDIUM

A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
autodesk autocad 2022
autodesk autocad_lt 2020
autodesk autocad_mechanical *
autodesk autocad 2021
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk navisworks *
autodesk advance_steel *
autodesk revit *
autodesk autocad_map_3d *
autodesk autocad_lt *
autodesk autocad 2020
autodesk autocad_plant_3d *
autodesk civil_3d *
autodesk design_review 2018
autodesk autocad *
autodesk autocad_lt 2021
autodesk autocad_architecture *
CVE-2021-40162

A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk revit 2022
autodesk autocad_mechanical *
autodesk infraworks *
autodesk dwg_trueview *
autodesk storm_and_sanitary_analysis 2022
autodesk infrastructure_parts_editor 2021
autodesk autocad_mep *
autodesk navisworks *
autodesk infraworks 2022.1
autodesk storm_and_sanitary_analysis 2019
autodesk autocad_civil_3d *
autodesk infraworks 2020.2
autodesk autocad_advance_steel *
autodesk storm_and_sanitary_analysis *
autodesk inventor *
autodesk autocad_electrical *
autodesk revit *
autodesk infraworks 2022.0
autodesk autocad_map_3d *
autodesk infrastructure_parts_editor 2022
autodesk infrastructure_parts_editor *
autodesk autocad_lt *
autodesk infraworks 2021.2
autodesk autocad_plant_3d *
autodesk fusion *
autodesk infraworks 2019.3
autodesk design_review 2018
autodesk autocad *
autodesk autocad_architecture *
CVE-2021-40163

A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk revit 2022
autodesk autocad_mechanical *
autodesk infraworks *
autodesk dwg_trueview *
autodesk storm_and_sanitary_analysis 2022
autodesk infrastructure_parts_editor 2021
autodesk autocad_mep *
autodesk navisworks *
autodesk infraworks 2022.1
autodesk storm_and_sanitary_analysis 2019
autodesk autocad_civil_3d *
autodesk infraworks 2020.2
autodesk autocad_advance_steel *
autodesk storm_and_sanitary_analysis *
autodesk inventor *
autodesk autocad_electrical *
autodesk revit *
autodesk infraworks 2022.0
autodesk autocad_map_3d *
autodesk infrastructure_parts_editor 2022
autodesk infrastructure_parts_editor *
autodesk autocad_lt *
autodesk infraworks 2021.2
autodesk autocad_plant_3d *
autodesk fusion *
autodesk infraworks 2019.3
autodesk design_review 2018
autodesk autocad *
autodesk autocad_architecture *
CVE-2021-40164

A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk revit 2022
autodesk autocad_mechanical *
autodesk infraworks *
autodesk dwg_trueview *
autodesk storm_and_sanitary_analysis 2022
autodesk infrastructure_parts_editor 2021
autodesk autocad_mep *
autodesk navisworks *
autodesk infraworks 2022.1
autodesk storm_and_sanitary_analysis 2019
autodesk autocad_civil_3d *
autodesk infraworks 2020.2
autodesk autocad_advance_steel *
autodesk storm_and_sanitary_analysis *
autodesk inventor *
autodesk autocad_electrical *
autodesk revit *
autodesk infraworks 2022.0
autodesk autocad_map_3d *
autodesk infrastructure_parts_editor 2022
autodesk infrastructure_parts_editor *
autodesk autocad_lt *
autodesk infraworks 2021.2
autodesk autocad_plant_3d *
autodesk fusion *
autodesk infraworks 2019.3
autodesk design_review 2018
autodesk autocad *
autodesk autocad_architecture *
CVE-2021-40165

A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk revit 2022
autodesk autocad_mechanical *
autodesk infraworks *
autodesk dwg_trueview *
autodesk storm_and_sanitary_analysis 2022
autodesk infrastructure_parts_editor 2021
autodesk autocad_mep *
autodesk navisworks *
autodesk infraworks 2022.1
autodesk storm_and_sanitary_analysis 2019
autodesk autocad_civil_3d *
autodesk infraworks 2020.2
autodesk autocad_advance_steel *
autodesk storm_and_sanitary_analysis *
autodesk inventor *
autodesk autocad_electrical *
autodesk revit *
autodesk infraworks 2022.0
autodesk autocad_map_3d *
autodesk infrastructure_parts_editor 2022
autodesk infrastructure_parts_editor *
autodesk autocad_lt *
autodesk infraworks 2021.2
autodesk autocad_plant_3d *
autodesk fusion *
autodesk infraworks 2019.3
autodesk design_review 2018
autodesk autocad *
autodesk autocad_architecture *
CVE-2021-40166

A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk revit 2022
autodesk autocad_mechanical *
autodesk infraworks *
autodesk dwg_trueview *
autodesk storm_and_sanitary_analysis 2022
autodesk infrastructure_parts_editor 2021
autodesk autocad_mep *
autodesk navisworks *
autodesk infraworks 2022.1
autodesk storm_and_sanitary_analysis 2019
autodesk autocad_civil_3d *
autodesk infraworks 2020.2
autodesk autocad_advance_steel *
autodesk storm_and_sanitary_analysis *
autodesk inventor *
autodesk autocad_electrical *
autodesk revit *
autodesk infraworks 2022.0
autodesk autocad_map_3d *
autodesk infrastructure_parts_editor 2022
autodesk infrastructure_parts_editor *
autodesk autocad_lt *
autodesk infraworks 2021.2
autodesk autocad_plant_3d *
autodesk fusion *
autodesk infraworks 2019.3
autodesk design_review 2018
autodesk autocad *
autodesk autocad_architecture *
CVE-2021-40167 MEDIUM

A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
autodesk design_review 2018
CVE-2022-25788 MEDIUM

A maliciously crafted JT file in Autodesk AutoCAD 2022 may be used to write beyond the allocated buffer while parsing JT files. This vulnerability can be exploited to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_lt *
autodesk autocad_mechanical *
autodesk inventor *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2022-25789 MEDIUM

A maliciously crafted DWF, 3DS and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_lt *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2022-25790 MEDIUM

A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated boundaries when parsing the DWF files. Exploitation of this vulnerability may lead to code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_lt *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk navisworks *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2022-25791 MEDIUM

A Memory Corruption vulnerability for DWF and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 may lead to code execution through maliciously crafted DLL files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_lt *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk navisworks *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2022-25792 MEDIUM

A maliciously crafted DXF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. This vulnerability can be exploited to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_lt *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk navisworks *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2022-25793

A Stack-based Buffer Overflow Vulnerability in Autodesk 3ds Max 2022, 2021, and 2020 may lead to code execution through the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer when parsing ActionScript Byte Code files. This vulnerability may allow arbitrary code execution on affected installations of Autodesk 3ds Max.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk 3ds_max *
CVE-2022-25794 MEDIUM

An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.2 and prior may lead to code execution through maliciously crafted ActionScript Byte Code 'ABC' files or information disclosure. ABC files are created by the Flash compiler and contain executable code. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
autodesk fbx_review *
CVE-2022-25795 MEDIUM

A Memory Corruption Vulnerability in Autodesk TrueView 2022 and 2021 may lead to remote code execution through maliciously crafted DWG files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-755,

Products Affected

Vendor Product Version
autodesk autocad *
CVE-2022-25796 MEDIUM

A Double Free vulnerability allows remote malicious actors to execute arbitrary code on DWF file in Autodesk Navisworks 2022 within affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-415,

Products Affected

Vendor Product Version
autodesk navisworks *
CVE-2022-25797 MEDIUM

A maliciously crafted PDF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to dereference for a write beyond the allocated buffer while parsing PDF files. The vulnerability exists because the application fails to handle a crafted PDF file, which causes an unhandled exception.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
autodesk dwg_trueview 2022
autodesk dwg_trueview 2021
CVE-2022-27523 MEDIUM

A buffer over-read can be exploited in Autodesk TrueView 2022 may lead to an exposure of sensitive information or a crash through using a maliciously crafted DWG file as an Input. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H 1.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
autodesk dwg_trueview *
CVE-2022-27524 MEDIUM

An out-of-bounds read can be exploited in Autodesk TrueView 2022 may lead to an exposure of sensitive information or a crash through using a maliciously crafted DWG file as an Input. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H 1.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
autodesk dwg_trueview *
CVE-2022-27525 MEDIUM

A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
autodesk design_review 2017
autodesk design_review 2013
autodesk design_review 2012
autodesk design_review 2018
autodesk design_review 2011
CVE-2022-27526 MEDIUM

A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
autodesk design_review 2017
autodesk design_review 2013
autodesk design_review 2012
autodesk design_review 2018
autodesk design_review 2011
CVE-2022-27527 MEDIUM

A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files. It was fixed in PDFTron earlier than 9.0.7 version in Autodesk Navisworks 2022, and 2020.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
autodesk navisworks *
CVE-2022-27528 MEDIUM

A maliciously crafted DWFX and SKP files in Autodesk Navisworks 2022 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
autodesk navisworks *
CVE-2022-27529 MEDIUM

A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 may be used to write beyond the allocated buffer while parsing PICT, BMP, PSD or TIF file. This vulnerability may be exploited to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_lt *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2022-27530 MEDIUM

A maliciously crafted TIF or PICT file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. This vulnerability may be exploited to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_lt *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2022-27531 MEDIUM

A maliciously crafted TIF file can be forced to read beyond allocated boundaries in Autodesk 3ds Max 2022, and 2021 when parsing the TIF files. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
autodesk 3ds_max *
CVE-2022-27532 MEDIUM

A maliciously crafted TIF file in Autodesk 3ds Max 2022 and 2021 can be used to write beyond the allocated buffer while parsing TIF files. This vulnerability in conjunction with other vulnerabilities could lead to arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
autodesk 3ds_max *
CVE-2022-27864

A Double Free vulnerability allows remote attackers to execute arbitrary code through DesignReview.exe application on PDF files within affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
autodesk design_review 2017
autodesk design_review 2013
autodesk design_review 2012
autodesk design_review 2018
autodesk design_review 2011
CVE-2022-27865

A maliciously crafted TGA or PCX file may be used to write beyond the allocated buffer through DesignReview.exe application while parsing TGA and PCX files. This vulnerability may be exploited to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk design_review 2017
autodesk design_review 2013
autodesk design_review 2012
autodesk design_review 2018
autodesk design_review 2011
CVE-2022-27866

A maliciously crafted TIFF file when consumed through DesignReview.exe application can be forced to read beyond allocated boundaries when parsing the TIFF file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk design_review 2017
autodesk design_review 2013
autodesk design_review 2012
autodesk design_review 2018
autodesk design_review 2011
CVE-2022-27867 MEDIUM

A maliciously crafted JT file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
autodesk autocad 2022
autodesk autocad 2021
autodesk autocad 2020
autodesk autocad 2019
CVE-2022-27868 MEDIUM

A maliciously crafted CAT file in Autodesk AutoCAD 2023 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
autodesk autocad 2023
CVE-2022-27869 MEDIUM

A maliciously crafted TIFF file in Autodesk AutoCAD 2023 can be forced to read and write beyond allocated boundaries when parsing the TIFF file. This vulnerability can be exploited to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-787,

Products Affected

Vendor Product Version
autodesk autocad 2023
CVE-2022-27870 MEDIUM

A maliciously crafted TGA file in Autodesk AutoCAD 2023 may be used to write beyond the allocated buffer while parsing TGA file. This vulnerability may be exploited to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
autodesk autocad 2023
CVE-2022-27871 MEDIUM

Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. This vulnerability may be exploited to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
autodesk revit 2022
autodesk autocad_mep 2019
autodesk autocad_plant_3d 2020
autodesk autocad_mep 2021
autodesk autocad_plant_3d 2019
autodesk autocad_civil_3d 2022
autodesk autocad_plant_3d 2021
autodesk revit 2020
autodesk autocad_map_3d 2020
autodesk advance_steel 2020
autodesk navisworks 2022
autodesk autocad_civil_3d 2021
autodesk autocad_mechanical 2019
autodesk autocad_architecture 2021
autodesk autocad_map_3d 2021
autodesk autocad_electrical 2022
autodesk autocad 2021
autodesk revit 2021
autodesk navisworks 2020
autodesk advance_steel 2021
autodesk autocad 2020
autodesk autocad 2019
autodesk navisworks 2019
autodesk autocad_map_3d 2019
autodesk advance_steel 2022
autodesk autocad_lt 2022
autodesk advance_steel 2019
autodesk autocad_mechanical 2021
autodesk autocad_lt 2019
autodesk autocad_electrical 2020
autodesk autocad_architecture 2022
autodesk autocad_map_3d 2022
autodesk autocad_architecture 2020
autodesk autocad_electrical 2021
autodesk autocad_mechanical 2022
autodesk autocad_mep 2022
autodesk autocad_lt 2021
autodesk autocad_civil_3d 2019
autodesk autocad_civil_3d 2020
autodesk autocad 2022
autodesk autocad_mep 2020
autodesk autocad_lt 2020
autodesk autocad_architecture 2019
autodesk 3ds_max 2021
autodesk autocad_plant_3d 2022
autodesk autocad_mechanical 2020
autodesk autocad_electrical 2019
autodesk design_review 2018
autodesk 3ds_max 2022
CVE-2022-27872 MEDIUM

A maliciously crafted PDF file may be used to dereference a pointer for read or write operation while parsing PDF files in Autodesk Navisworks 2022. The vulnerability exists because the application fails to handle a crafted PDF file, which causes an unhandled exception. An attacker can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-755,

Products Affected

Vendor Product Version
autodesk navisworks 2022
CVE-2022-27873

An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360’s document parser. The vulnerability exists in the application’s ‘Insert SVG’ procedure. An attacker can also leverage this vulnerability to obtain victim’s public IP and possibly other sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk fusion_360 *
CVE-2022-33881

Parsing a maliciously crafted PRT file can force Autodesk AutoCAD 2023 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_mep 2023
autodesk autocad 2023
autodesk autocad_civil_3d 2023
autodesk autocad_advance_steel 2023
autodesk autocad_electrical 2023
autodesk autocad_lt 2023
autodesk autocad_architecture 2023
autodesk autocad_map_3d 2023
autodesk autocad_mechanical 2023
autodesk autocad_plant_3d 2023
CVE-2022-33882

Under certain conditions, an attacker could create an unintended sphere of control through a vulnerability present in file delete operation in Autodesk desktop app (ADA). An attacker could leverage this vulnerability to escalate privileges and execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
autodesk autodesk_desktop *
CVE-2022-33883

A malicious crafted file consumed through Moldflow Synergy, Moldflow Adviser, Moldflow Communicator, and Advanced Material Exchange applications could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk advanced_material_exchange 2021
autodesk advanced_material_exchange 2019
autodesk moldflow_adviser 2019
autodesk moldflow_adviser 2021
autodesk moldflow_communicator 2021
autodesk moldflow_communicator 2019
autodesk moldflow_synergy 2019
autodesk moldflow_synergy 2021
CVE-2022-33884

Parsing a maliciously crafted X_B file can force Autodesk AutoCAD 2023 and 2022 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_advance_steel *
autodesk autocad_civil_3d *
autodesk autocad_lt *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk autocad *
autodesk autocad_architecture *
CVE-2022-33885

A maliciously crafted X_B, CATIA, and PDF file when parsed through Autodesk AutoCAD 2023 and 2022 can be used to write beyond the allocated buffer. This vulnerability can lead to arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_advance_steel *
autodesk autocad_civil_3d *
autodesk autocad_lt *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk autocad *
autodesk autocad_architecture *
CVE-2022-33886

A maliciously crafted MODEL and SLDPRT file can be used to write beyond the allocated buffer while parsing through Autodesk AutoCAD 2023, 2022, 2021, 2020, and Maya 2023 and 2022. The vulnerability exists because the application fails to handle crafted MODEL and SLDPRT files, which causes an unhandled exception. A malicious actor could leverage this vulnerability to execute arbitrary code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_advance_steel *
autodesk autocad_civil_3d *
autodesk autocad_lt *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk autocad *
autodesk autocad_architecture *
CVE-2022-33887

A maliciously crafted PDF file when parsed through Autodesk AutoCAD 2023 causes an unhandled exception. An attacker can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_advance_steel *
autodesk autocad_civil_3d *
autodesk autocad_lt *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk autocad *
autodesk autocad_architecture *
CVE-2022-33888

A malicious crafted Dwg2Spd file when processed through Autodesk DWG application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_advance_steel *
autodesk autocad_civil_3d *
autodesk autocad_lt *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk autocad *
autodesk autocad_architecture *
CVE-2022-33889

A maliciously crafted GIF or JPEG files when parsed through Autodesk Design Review 2018, and AutoCAD 2023 and 2022 could be used to write beyond the allocated heap buffer. This vulnerability could lead to arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_advance_steel *
autodesk autocad_mechanical *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk design_review *
autodesk autocad_map_3d *
autodesk autocad_civil_3d *
autodesk autocad_lt *
autodesk autocad_plant_3d *
autodesk design_review 2018
autodesk autocad *
autodesk autocad_architecture *
CVE-2022-33890

A maliciously crafted PCT or DWF file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_advance_steel *
autodesk autocad_civil_3d *
autodesk autocad_lt *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk design_review 2018
autodesk autocad *
autodesk autocad_architecture *
CVE-2022-41301

A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Products Affected

Vendor Product Version
autodesk subassembly_composer *
CVE-2022-41302

An Out-Of-Bounds Read Vulnerability in Autodesk FBX SDK version 2020. and prior may lead to code execution or information disclosure through maliciously crafted FBX files. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk fbx_software_development_kit 2020.0
CVE-2022-41303

A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in Autodesk FBX SDK 2020 version causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk fbx_software_development_kit 2020.0
CVE-2022-41304

An Out-Of-Bounds Write Vulnerability in Autodesk FBX SDK 2020 version and prior may lead to code execution through maliciously crafted FBX files or information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk fbx_software_development_kit 2020.0
CVE-2022-41305

A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk subassembly_composer 2020
autodesk subassembly_composer 2022
autodesk subassembly_composer 2021
autodesk subassembly_composer 2023
CVE-2022-41306

A maliciously crafted PCT file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk design_review 2018
CVE-2022-41307

A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk subassembly_composer 2020
autodesk subassembly_composer 2022
autodesk subassembly_composer 2021
autodesk subassembly_composer 2023
CVE-2022-41308

A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk subassembly_composer 2020
autodesk subassembly_composer 2022
autodesk subassembly_composer 2021
autodesk subassembly_composer 2023
CVE-2022-41309

A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_mep 2019
autodesk autocad_plant_3d 2020
autodesk autocad_mep 2021
autodesk autocad_plant_3d 2019
autodesk autocad_civil_3d 2022
autodesk autocad_plant_3d 2021
autodesk autocad_map_3d 2020
autodesk autocad_civil_3d 2021
autodesk autocad_mechanical 2019
autodesk autocad_architecture 2021
autodesk autocad_map_3d 2021
autodesk autocad_map_3d 2023
autodesk autocad_electrical 2022
autodesk autocad_mep 2023
autodesk autocad_advance_steel 2019
autodesk autocad 2021
autodesk autocad_civil_3d 2023
autodesk autocad_advance_steel 2023
autodesk autocad_advance_steel 2021
autodesk autocad 2020
autodesk autocad 2019
autodesk autocad_map_3d 2019
autodesk autocad_advance_steel 2022
autodesk autocad_plant_3d 2023
autodesk autocad_lt 2022
autodesk autocad_mechanical 2021
autodesk autocad_lt 2023
autodesk autocad_lt 2019
autodesk autocad_electrical 2020
autodesk autocad_architecture 2022
autodesk autocad_map_3d 2022
autodesk autocad_architecture 2020
autodesk autocad_electrical 2021
autodesk autocad_mechanical 2022
autodesk autocad_mep 2022
autodesk autocad_advance_steel 2020
autodesk autocad_lt 2021
autodesk autocad_civil_3d 2019
autodesk autocad_civil_3d 2020
autodesk autocad 2022
autodesk autocad_mep 2020
autodesk autocad_lt 2020
autodesk autocad_architecture 2019
autodesk autocad_plant_3d 2022
autodesk autocad_mechanical 2020
autodesk autocad_electrical 2019
autodesk autocad_architecture 2023
autodesk autocad_mechanical 2023
autodesk autocad 2023
autodesk autocad_electrical 2023
autodesk design_review 2018
CVE-2022-41310

A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_mep 2019
autodesk autocad_plant_3d 2020
autodesk autocad_mep 2021
autodesk autocad_plant_3d 2019
autodesk autocad_civil_3d 2022
autodesk autocad_plant_3d 2021
autodesk autocad_map_3d 2020
autodesk autocad_civil_3d 2021
autodesk autocad_mechanical 2019
autodesk autocad_architecture 2021
autodesk autocad_map_3d 2021
autodesk autocad_map_3d 2023
autodesk autocad_electrical 2022
autodesk autocad_mep 2023
autodesk autocad_advance_steel 2019
autodesk autocad 2021
autodesk autocad_civil_3d 2023
autodesk autocad_advance_steel 2023
autodesk autocad_advance_steel 2021
autodesk autocad 2020
autodesk autocad 2019
autodesk autocad_map_3d 2019
autodesk autocad_advance_steel 2022
autodesk autocad_plant_3d 2023
autodesk autocad_lt 2022
autodesk autocad_mechanical 2021
autodesk autocad_lt 2023
autodesk autocad_lt 2019
autodesk autocad_electrical 2020
autodesk autocad_architecture 2022
autodesk autocad_map_3d 2022
autodesk autocad_architecture 2020
autodesk autocad_electrical 2021
autodesk autocad_mechanical 2022
autodesk autocad_mep 2022
autodesk autocad_advance_steel 2020
autodesk autocad_lt 2021
autodesk autocad_civil_3d 2019
autodesk autocad_civil_3d 2020
autodesk autocad 2022
autodesk autocad_mep 2020
autodesk autocad_lt 2020
autodesk autocad_architecture 2019
autodesk autocad_plant_3d 2022
autodesk autocad_mechanical 2020
autodesk autocad_electrical 2019
autodesk autocad_architecture 2023
autodesk autocad_mechanical 2023
autodesk autocad 2023
autodesk autocad_electrical 2023
autodesk design_review 2018
CVE-2022-42933

A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_mep 2019
autodesk autocad_plant_3d 2020
autodesk autocad_mep 2021
autodesk autocad_plant_3d 2019
autodesk autocad_civil_3d 2022
autodesk autocad_plant_3d 2021
autodesk autocad_map_3d 2020
autodesk autocad_civil_3d 2021
autodesk autocad_mechanical 2019
autodesk autocad_architecture 2021
autodesk autocad_map_3d 2021
autodesk autocad_map_3d 2023
autodesk autocad_electrical 2022
autodesk autocad_mep 2023
autodesk autocad_advance_steel 2019
autodesk autocad 2021
autodesk autocad_civil_3d 2023
autodesk autocad_advance_steel 2023
autodesk autocad_advance_steel 2021
autodesk autocad 2020
autodesk autocad 2019
autodesk autocad_map_3d 2019
autodesk autocad_advance_steel 2022
autodesk autocad_plant_3d 2023
autodesk autocad_lt 2022
autodesk autocad_mechanical 2021
autodesk autocad_lt 2023
autodesk autocad_lt 2019
autodesk autocad_electrical 2020
autodesk autocad_architecture 2022
autodesk autocad_map_3d 2022
autodesk autocad_architecture 2020
autodesk autocad_electrical 2021
autodesk autocad_mechanical 2022
autodesk autocad_mep 2022
autodesk autocad_advance_steel 2020
autodesk autocad_lt 2021
autodesk autocad_civil_3d 2019
autodesk autocad_civil_3d 2020
autodesk autocad 2022
autodesk autocad_mep 2020
autodesk autocad_lt 2020
autodesk autocad_architecture 2019
autodesk autocad_plant_3d 2022
autodesk autocad_mechanical 2020
autodesk autocad_electrical 2019
autodesk autocad_architecture 2023
autodesk autocad_mechanical 2023
autodesk autocad 2023
autodesk autocad_electrical 2023
autodesk design_review 2018
CVE-2022-42934

A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_mep 2019
autodesk autocad_plant_3d 2020
autodesk autocad_mep 2021
autodesk autocad_plant_3d 2019
autodesk autocad_civil_3d 2022
autodesk autocad_plant_3d 2021
autodesk autocad_map_3d 2020
autodesk autocad_civil_3d 2021
autodesk autocad_mechanical 2019
autodesk autocad_architecture 2021
autodesk autocad_map_3d 2021
autodesk autocad_map_3d 2023
autodesk autocad_electrical 2022
autodesk autocad_mep 2023
autodesk autocad_advance_steel 2019
autodesk autocad 2021
autodesk autocad_civil_3d 2023
autodesk autocad_advance_steel 2023
autodesk autocad_advance_steel 2021
autodesk autocad 2020
autodesk autocad 2019
autodesk autocad_map_3d 2019
autodesk autocad_advance_steel 2022
autodesk autocad_plant_3d 2023
autodesk autocad_lt 2022
autodesk autocad_mechanical 2021
autodesk autocad_lt 2023
autodesk autocad_lt 2019
autodesk autocad_electrical 2020
autodesk autocad_architecture 2022
autodesk autocad_map_3d 2022
autodesk autocad_architecture 2020
autodesk autocad_electrical 2021
autodesk autocad_mechanical 2022
autodesk autocad_mep 2022
autodesk autocad_advance_steel 2020
autodesk autocad_lt 2021
autodesk autocad_civil_3d 2019
autodesk autocad_civil_3d 2020
autodesk autocad 2022
autodesk autocad_mep 2020
autodesk autocad_lt 2020
autodesk autocad_architecture 2019
autodesk autocad_plant_3d 2022
autodesk autocad_mechanical 2020
autodesk autocad_electrical 2019
autodesk autocad_architecture 2023
autodesk autocad_mechanical 2023
autodesk autocad 2023
autodesk autocad_electrical 2023
autodesk design_review 2018
CVE-2022-42935

A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_mep 2019
autodesk autocad_plant_3d 2020
autodesk autocad_mep 2021
autodesk autocad_plant_3d 2019
autodesk autocad_civil_3d 2022
autodesk autocad_plant_3d 2021
autodesk autocad_map_3d 2020
autodesk autocad_civil_3d 2021
autodesk autocad_mechanical 2019
autodesk autocad_architecture 2021
autodesk autocad_map_3d 2021
autodesk autocad_map_3d 2023
autodesk autocad_electrical 2022
autodesk autocad_mep 2023
autodesk autocad_advance_steel 2019
autodesk autocad 2021
autodesk autocad_civil_3d 2023
autodesk autocad_advance_steel 2023
autodesk autocad_advance_steel 2021
autodesk autocad 2020
autodesk autocad 2019
autodesk autocad_map_3d 2019
autodesk autocad_advance_steel 2022
autodesk autocad_plant_3d 2023
autodesk autocad_lt 2022
autodesk autocad_mechanical 2021
autodesk autocad_lt 2023
autodesk autocad_lt 2019
autodesk autocad_electrical 2020
autodesk autocad_architecture 2022
autodesk autocad_map_3d 2022
autodesk autocad_architecture 2020
autodesk autocad_electrical 2021
autodesk autocad_mechanical 2022
autodesk autocad_mep 2022
autodesk autocad_advance_steel 2020
autodesk autocad_lt 2021
autodesk autocad_civil_3d 2019
autodesk autocad_civil_3d 2020
autodesk autocad 2022
autodesk autocad_mep 2020
autodesk autocad_lt 2020
autodesk autocad_architecture 2019
autodesk autocad_plant_3d 2022
autodesk autocad_mechanical 2020
autodesk autocad_electrical 2019
autodesk autocad_architecture 2023
autodesk autocad_mechanical 2023
autodesk autocad 2023
autodesk autocad_electrical 2023
autodesk design_review 2018
CVE-2022-42936

A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_mep 2019
autodesk autocad_plant_3d 2020
autodesk autocad_mep 2021
autodesk autocad_plant_3d 2019
autodesk autocad_civil_3d 2022
autodesk autocad_plant_3d 2021
autodesk autocad_map_3d 2020
autodesk autocad_civil_3d 2021
autodesk autocad_mechanical 2019
autodesk autocad_architecture 2021
autodesk autocad_map_3d 2021
autodesk autocad_map_3d 2023
autodesk autocad_electrical 2022
autodesk autocad_mep 2023
autodesk autocad_advance_steel 2019
autodesk autocad 2021
autodesk autocad_civil_3d 2023
autodesk autocad_advance_steel 2023
autodesk autocad_advance_steel 2021
autodesk autocad 2020
autodesk autocad 2019
autodesk autocad_map_3d 2019
autodesk autocad_advance_steel 2022
autodesk autocad_plant_3d 2023
autodesk autocad_lt 2022
autodesk autocad_mechanical 2021
autodesk autocad_lt 2023
autodesk autocad_lt 2019
autodesk autocad_electrical 2020
autodesk autocad_architecture 2022
autodesk autocad_map_3d 2022
autodesk autocad_architecture 2020
autodesk autocad_electrical 2021
autodesk autocad_mechanical 2022
autodesk autocad_mep 2022
autodesk autocad_advance_steel 2020
autodesk autocad_lt 2021
autodesk autocad_civil_3d 2019
autodesk autocad_civil_3d 2020
autodesk autocad 2022
autodesk autocad_mep 2020
autodesk autocad_lt 2020
autodesk autocad_architecture 2019
autodesk autocad_plant_3d 2022
autodesk autocad_mechanical 2020
autodesk autocad_electrical 2019
autodesk autocad_architecture 2023
autodesk autocad_mechanical 2023
autodesk autocad 2023
autodesk autocad_electrical 2023
autodesk design_review 2018
CVE-2022-42937

A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_mep 2019
autodesk autocad_plant_3d 2020
autodesk autocad_mep 2021
autodesk autocad_plant_3d 2019
autodesk autocad_civil_3d 2022
autodesk autocad_plant_3d 2021
autodesk autocad_map_3d 2020
autodesk autocad_civil_3d 2021
autodesk autocad_mechanical 2019
autodesk autocad_architecture 2021
autodesk autocad_map_3d 2021
autodesk autocad_map_3d 2023
autodesk autocad_electrical 2022
autodesk autocad_mep 2023
autodesk autocad_advance_steel 2019
autodesk autocad 2021
autodesk autocad_civil_3d 2023
autodesk autocad_advance_steel 2023
autodesk autocad_advance_steel 2021
autodesk autocad 2020
autodesk autocad 2019
autodesk autocad_map_3d 2019
autodesk autocad_advance_steel 2022
autodesk autocad_plant_3d 2023
autodesk autocad_lt 2022
autodesk autocad_mechanical 2021
autodesk autocad_lt 2023
autodesk autocad_lt 2019
autodesk autocad_electrical 2020
autodesk autocad_architecture 2022
autodesk autocad_map_3d 2022
autodesk autocad_architecture 2020
autodesk autocad_electrical 2021
autodesk autocad_mechanical 2022
autodesk autocad_mep 2022
autodesk autocad_advance_steel 2020
autodesk autocad_lt 2021
autodesk autocad_civil_3d 2019
autodesk autocad_civil_3d 2020
autodesk autocad 2022
autodesk autocad_mep 2020
autodesk autocad_lt 2020
autodesk autocad_architecture 2019
autodesk autocad_plant_3d 2022
autodesk autocad_mechanical 2020
autodesk autocad_electrical 2019
autodesk autocad_architecture 2023
autodesk autocad_mechanical 2023
autodesk autocad 2023
autodesk autocad_electrical 2023
autodesk design_review 2018
CVE-2022-42938

A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_mep 2019
autodesk autocad_plant_3d 2020
autodesk autocad_mep 2021
autodesk autocad_plant_3d 2019
autodesk autocad_civil_3d 2022
autodesk autocad_plant_3d 2021
autodesk autocad_map_3d 2020
autodesk autocad_civil_3d 2021
autodesk autocad_mechanical 2019
autodesk autocad_architecture 2021
autodesk autocad_map_3d 2021
autodesk autocad_map_3d 2023
autodesk autocad_electrical 2022
autodesk autocad_mep 2023
autodesk autocad_advance_steel 2019
autodesk autocad 2021
autodesk autocad_civil_3d 2023
autodesk autocad_advance_steel 2023
autodesk autocad_advance_steel 2021
autodesk autocad 2020
autodesk autocad 2019
autodesk autocad_map_3d 2019
autodesk autocad_advance_steel 2022
autodesk autocad_plant_3d 2023
autodesk autocad_lt 2022
autodesk autocad_mechanical 2021
autodesk autocad_lt 2023
autodesk autocad_lt 2019
autodesk autocad_electrical 2020
autodesk autocad_architecture 2022
autodesk autocad_map_3d 2022
autodesk autocad_architecture 2020
autodesk autocad_electrical 2021
autodesk autocad_mechanical 2022
autodesk autocad_mep 2022
autodesk autocad_advance_steel 2020
autodesk autocad_lt 2021
autodesk autocad_civil_3d 2019
autodesk autocad_civil_3d 2020
autodesk autocad 2022
autodesk autocad_mep 2020
autodesk autocad_lt 2020
autodesk autocad_architecture 2019
autodesk autocad_plant_3d 2022
autodesk autocad_mechanical 2020
autodesk autocad_electrical 2019
autodesk autocad_architecture 2023
autodesk autocad_mechanical 2023
autodesk autocad 2023
autodesk autocad_electrical 2023
autodesk design_review 2018
CVE-2022-42939

A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_mep 2019
autodesk autocad_plant_3d 2020
autodesk autocad_mep 2021
autodesk autocad_plant_3d 2019
autodesk autocad_civil_3d 2022
autodesk autocad_plant_3d 2021
autodesk autocad_map_3d 2020
autodesk autocad_civil_3d 2021
autodesk autocad_mechanical 2019
autodesk autocad_architecture 2021
autodesk autocad_map_3d 2021
autodesk autocad_map_3d 2023
autodesk autocad_electrical 2022
autodesk autocad_mep 2023
autodesk autocad_advance_steel 2019
autodesk autocad 2021
autodesk autocad_civil_3d 2023
autodesk autocad_advance_steel 2023
autodesk autocad_advance_steel 2021
autodesk autocad 2020
autodesk autocad 2019
autodesk autocad_map_3d 2019
autodesk autocad_advance_steel 2022
autodesk autocad_plant_3d 2023
autodesk autocad_lt 2022
autodesk autocad_mechanical 2021
autodesk autocad_lt 2023
autodesk autocad_lt 2019
autodesk autocad_electrical 2020
autodesk autocad_architecture 2022
autodesk autocad_map_3d 2022
autodesk autocad_architecture 2020
autodesk autocad_electrical 2021
autodesk autocad_mechanical 2022
autodesk autocad_mep 2022
autodesk autocad_advance_steel 2020
autodesk autocad_lt 2021
autodesk autocad_civil_3d 2019
autodesk autocad_civil_3d 2020
autodesk autocad 2022
autodesk autocad_mep 2020
autodesk autocad_lt 2020
autodesk autocad_architecture 2019
autodesk autocad_plant_3d 2022
autodesk autocad_mechanical 2020
autodesk autocad_electrical 2019
autodesk autocad_architecture 2023
autodesk autocad_mechanical 2023
autodesk autocad 2023
autodesk autocad_electrical 2023
autodesk design_review 2018
CVE-2022-42940

A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_mep 2019
autodesk autocad_plant_3d 2020
autodesk autocad_mep 2021
autodesk autocad_plant_3d 2019
autodesk autocad_civil_3d 2022
autodesk autocad_plant_3d 2021
autodesk autocad_map_3d 2020
autodesk autocad_civil_3d 2021
autodesk autocad_mechanical 2019
autodesk autocad_architecture 2021
autodesk autocad_map_3d 2021
autodesk autocad_map_3d 2023
autodesk autocad_electrical 2022
autodesk autocad_mep 2023
autodesk autocad_advance_steel 2019
autodesk autocad 2021
autodesk autocad_civil_3d 2023
autodesk autocad_advance_steel 2023
autodesk autocad_advance_steel 2021
autodesk autocad 2020
autodesk autocad 2019
autodesk autocad_map_3d 2019
autodesk autocad_advance_steel 2022
autodesk autocad_plant_3d 2023
autodesk autocad_lt 2022
autodesk autocad_mechanical 2021
autodesk autocad_lt 2023
autodesk autocad_lt 2019
autodesk autocad_electrical 2020
autodesk autocad_architecture 2022
autodesk autocad_map_3d 2022
autodesk autocad_architecture 2020
autodesk autocad_electrical 2021
autodesk autocad_mechanical 2022
autodesk autocad_mep 2022
autodesk autocad_advance_steel 2020
autodesk autocad_lt 2021
autodesk autocad_civil_3d 2019
autodesk autocad_civil_3d 2020
autodesk autocad 2022
autodesk autocad_mep 2020
autodesk autocad_lt 2020
autodesk autocad_architecture 2019
autodesk autocad_plant_3d 2022
autodesk autocad_mechanical 2020
autodesk autocad_electrical 2019
autodesk autocad_architecture 2023
autodesk autocad_mechanical 2023
autodesk autocad 2023
autodesk autocad_electrical 2023
autodesk design_review 2018
CVE-2022-42941

A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_mep 2019
autodesk autocad_plant_3d 2020
autodesk autocad_mep 2021
autodesk autocad_plant_3d 2019
autodesk autocad_civil_3d 2022
autodesk autocad_plant_3d 2021
autodesk autocad_map_3d 2020
autodesk autocad_civil_3d 2021
autodesk autocad_mechanical 2019
autodesk autocad_architecture 2021
autodesk autocad_map_3d 2021
autodesk autocad_map_3d 2023
autodesk autocad_electrical 2022
autodesk autocad_mep 2023
autodesk autocad_advance_steel 2019
autodesk autocad 2021
autodesk autocad_civil_3d 2023
autodesk autocad_advance_steel 2023
autodesk autocad_advance_steel 2021
autodesk autocad 2020
autodesk autocad 2019
autodesk autocad_map_3d 2019
autodesk autocad_advance_steel 2022
autodesk autocad_plant_3d 2023
autodesk autocad_lt 2022
autodesk autocad_mechanical 2021
autodesk autocad_lt 2023
autodesk autocad_lt 2019
autodesk autocad_electrical 2020
autodesk autocad_architecture 2022
autodesk autocad_map_3d 2022
autodesk autocad_architecture 2020
autodesk autocad_electrical 2021
autodesk autocad_mechanical 2022
autodesk autocad_mep 2022
autodesk autocad_advance_steel 2020
autodesk autocad_lt 2021
autodesk autocad_civil_3d 2019
autodesk autocad_civil_3d 2020
autodesk autocad 2022
autodesk autocad_mep 2020
autodesk autocad_lt 2020
autodesk autocad_architecture 2019
autodesk autocad_plant_3d 2022
autodesk autocad_mechanical 2020
autodesk autocad_electrical 2019
autodesk autocad_architecture 2023
autodesk autocad_mechanical 2023
autodesk autocad 2023
autodesk autocad_electrical 2023
autodesk design_review 2018
CVE-2022-42942

A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_mep 2019
autodesk autocad_plant_3d 2020
autodesk autocad_mep 2021
autodesk autocad_plant_3d 2019
autodesk autocad_civil_3d 2022
autodesk autocad_plant_3d 2021
autodesk autocad_map_3d 2020
autodesk autocad_civil_3d 2021
autodesk autocad_mechanical 2019
autodesk autocad_architecture 2021
autodesk autocad_map_3d 2021
autodesk autocad_map_3d 2023
autodesk autocad_electrical 2022
autodesk autocad_mep 2023
autodesk autocad_advance_steel 2019
autodesk autocad 2021
autodesk autocad_civil_3d 2023
autodesk autocad_advance_steel 2023
autodesk autocad_advance_steel 2021
autodesk autocad 2020
autodesk autocad 2019
autodesk autocad_map_3d 2019
autodesk autocad_advance_steel 2022
autodesk autocad_plant_3d 2023
autodesk autocad_lt 2022
autodesk autocad_mechanical 2021
autodesk autocad_lt 2023
autodesk autocad_lt 2019
autodesk autocad_electrical 2020
autodesk autocad_architecture 2022
autodesk autocad_map_3d 2022
autodesk autocad_architecture 2020
autodesk autocad_electrical 2021
autodesk autocad_mechanical 2022
autodesk autocad_mep 2022
autodesk autocad_advance_steel 2020
autodesk autocad_lt 2021
autodesk autocad_civil_3d 2019
autodesk autocad_civil_3d 2020
autodesk autocad 2022
autodesk autocad_mep 2020
autodesk autocad_lt 2020
autodesk autocad_architecture 2019
autodesk autocad_plant_3d 2022
autodesk autocad_mechanical 2020
autodesk autocad_electrical 2019
autodesk autocad_architecture 2023
autodesk autocad_mechanical 2023
autodesk autocad 2023
autodesk autocad_electrical 2023
autodesk design_review 2018
CVE-2022-42943

A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_mep 2019
autodesk autocad_plant_3d 2020
autodesk autocad_mep 2021
autodesk autocad_plant_3d 2019
autodesk autocad_civil_3d 2022
autodesk autocad_plant_3d 2021
autodesk autocad_map_3d 2020
autodesk autocad_civil_3d 2021
autodesk autocad_mechanical 2019
autodesk autocad_architecture 2021
autodesk autocad_map_3d 2021
autodesk autocad_map_3d 2023
autodesk autocad_electrical 2022
autodesk autocad_mep 2023
autodesk autocad_advance_steel 2019
autodesk autocad 2021
autodesk autocad_civil_3d 2023
autodesk autocad_advance_steel 2023
autodesk autocad_advance_steel 2021
autodesk autocad 2020
autodesk autocad 2019
autodesk autocad_map_3d 2019
autodesk autocad_advance_steel 2022
autodesk autocad_plant_3d 2023
autodesk autocad_lt 2022
autodesk autocad_mechanical 2021
autodesk autocad_lt 2023
autodesk autocad_lt 2019
autodesk autocad_electrical 2020
autodesk autocad_architecture 2022
autodesk autocad_map_3d 2022
autodesk autocad_architecture 2020
autodesk autocad_electrical 2021
autodesk autocad_mechanical 2022
autodesk autocad_mep 2022
autodesk autocad_advance_steel 2020
autodesk autocad_lt 2021
autodesk autocad_civil_3d 2019
autodesk autocad_civil_3d 2020
autodesk autocad 2022
autodesk autocad_mep 2020
autodesk autocad_lt 2020
autodesk autocad_architecture 2019
autodesk autocad_plant_3d 2022
autodesk autocad_mechanical 2020
autodesk autocad_electrical 2019
autodesk autocad_architecture 2023
autodesk autocad_mechanical 2023
autodesk autocad 2023
autodesk autocad_electrical 2023
autodesk design_review 2018
CVE-2022-42944

A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_mep 2019
autodesk autocad_plant_3d 2020
autodesk autocad_mep 2021
autodesk autocad_plant_3d 2019
autodesk autocad_civil_3d 2022
autodesk autocad_plant_3d 2021
autodesk autocad_map_3d 2020
autodesk autocad_civil_3d 2021
autodesk autocad_mechanical 2019
autodesk autocad_architecture 2021
autodesk autocad_map_3d 2021
autodesk autocad_map_3d 2023
autodesk autocad_electrical 2022
autodesk autocad_mep 2023
autodesk autocad_advance_steel 2019
autodesk autocad 2021
autodesk autocad_civil_3d 2023
autodesk autocad_advance_steel 2023
autodesk autocad_advance_steel 2021
autodesk autocad 2020
autodesk autocad 2019
autodesk autocad_map_3d 2019
autodesk autocad_advance_steel 2022
autodesk autocad_plant_3d 2023
autodesk autocad_lt 2022
autodesk autocad_mechanical 2021
autodesk autocad_lt 2023
autodesk autocad_lt 2019
autodesk autocad_electrical 2020
autodesk autocad_architecture 2022
autodesk autocad_map_3d 2022
autodesk autocad_architecture 2020
autodesk autocad_electrical 2021
autodesk autocad_mechanical 2022
autodesk autocad_mep 2022
autodesk autocad_advance_steel 2020
autodesk autocad_lt 2021
autodesk autocad_civil_3d 2019
autodesk autocad_civil_3d 2020
autodesk autocad 2022
autodesk autocad_mep 2020
autodesk autocad_lt 2020
autodesk autocad_architecture 2019
autodesk autocad_plant_3d 2022
autodesk autocad_mechanical 2020
autodesk autocad_electrical 2019
autodesk autocad_architecture 2023
autodesk autocad_mechanical 2023
autodesk autocad 2023
autodesk autocad_electrical 2023
autodesk design_review 2018
CVE-2022-42945

DWG TrueViewTM 2023 version has a DLL Search Order Hijacking vulnerability. Successful exploitation by a malicious attacker could result in remote code execution on the target system.

Products Affected

Vendor Product Version
autodesk dwg_trueview 2023
CVE-2022-42946

Parsing a maliciously crafted X_B and PRT file can force Autodesk Maya 2023 and 2022 to read beyond allocated buffer. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Products Affected

Vendor Product Version
autodesk maya 2023
CVE-2022-42947

A maliciously crafted X_B file when parsed through Autodesk Maya 2023 and 2022 can be used to write beyond the allocated buffer. This vulnerability can lead to arbitrary code execution.

Products Affected

Vendor Product Version
autodesk maya 2023
CVE-2023-25001

A maliciously crafted SKP file in Autodesk Navisworks 2023 and 2022 be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.

Products Affected

Vendor Product Version
autodesk navisworks 2022
autodesk navisworks 2023
CVE-2023-25002

A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.

Products Affected

Vendor Product Version
autodesk revit 2022
autodesk navisworks 2022
autodesk navisworks 2023
autodesk 3ds_max 2023
autodesk 3ds_max 2022
autodesk revit 2023
autodesk vred 2023
CVE-2023-25003

A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Exploitation of this vulnerability may lead to code execution.

Products Affected

Vendor Product Version
autodesk autocad_advance_steel *
autodesk autocad_mechanical *
autodesk infraworks *
autodesk inventor *
autodesk autocad_electrical *
autodesk alias *
autodesk autocad_mep *
autodesk navisworks *
autodesk revit *
autodesk autocad_map_3d *
autodesk autocad_civil_3d *
autodesk autocad_lt *
autodesk maya_usd *
autodesk autocad_plant_3d *
autodesk vred *
autodesk autocad *
autodesk autocad_architecture *
CVE-2023-25004

A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities. Exploitation of these vulnerabilities may lead to code execution.

Products Affected

Vendor Product Version
autodesk autocad_advance_steel *
autodesk autocad_mechanical *
autodesk infraworks *
autodesk inventor *
autodesk autocad_electrical *
autodesk alias *
autodesk autocad_mep *
autodesk navisworks *
autodesk revit *
autodesk autocad_map_3d *
autodesk autocad_civil_3d *
autodesk autocad_lt *
autodesk maya_usd *
autodesk autocad_plant_3d *
autodesk vred *
autodesk autocad *
autodesk autocad_architecture *
CVE-2023-25005

A maliciously crafted DLL file can be forced to read beyond allocated boundaries in Autodesk InfraWorks 2023, and 2021 when parsing the DLL files could lead to a resource injection vulnerability.

Products Affected

Vendor Product Version
autodesk infraworks *
autodesk infraworks 2021.2
autodesk infraworks 2023.1
CVE-2023-25006

A malicious actor may convince a user to open a malicious USD file that may trigger a use-after-free vulnerability which could result in code execution.

Products Affected

Vendor Product Version
autodesk 3ds_max_usd *
CVE-2023-25007

A malicious actor may convince a user to open a malicious USD file that may trigger an uninitialized pointer which could result in code execution.

Products Affected

Vendor Product Version
autodesk 3ds_max_usd *
CVE-2023-25008

A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds read vulnerability which could result in code execution.

Products Affected

Vendor Product Version
autodesk 3ds_max_usd *
CVE-2023-25009

A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds write vulnerability which could result in code execution.

Products Affected

Vendor Product Version
autodesk 3ds_max_usd *
CVE-2023-25010

A malicious actor may convince a victim to open a malicious USD file that may trigger an uninitialized variable which may result in code execution.

Products Affected

Vendor Product Version
autodesk maya_usd *
CVE-2023-27906

A malicious actor may convince a victim to open a malicious USD file that may trigger an out-of-bounds read vulnerability which may result in code execution.

Products Affected

Vendor Product Version
autodesk maya_usd *
CVE-2023-27907

A malicious actor may convince a victim to open a malicious USD file that may trigger an out-of-bounds write vulnerability which may result in code execution.

Products Affected

Vendor Product Version
autodesk maya_usd *
CVE-2023-27908

A maliciously crafted DLL file can be forced to write beyond allocated boundaries in the Autodesk installer when parsing the DLL files and could lead to a Privilege Escalation vulnerability.

Products Affected

Vendor Product Version
autodesk installer *
CVE-2023-27909

An Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK version 2020 or prior may lead to code execution through maliciously crafted FBX files or information disclosure.

Products Affected

Vendor Product Version
autodesk fbx_software_development_kit *
CVE-2023-27910

A user may be tricked into opening a malicious FBX file that may exploit a stack buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to code execution.

Products Affected

Vendor Product Version
autodesk fbx_software_development_kit *
CVE-2023-27911

A user may be tricked into opening a malicious FBX file that may exploit a heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to code execution.

Products Affected

Vendor Product Version
autodesk fbx_software_development_kit *
CVE-2023-27912

A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_advance_steel *
autodesk autocad_civil_3d *
autodesk autocad_lt *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk autocad *
autodesk autocad_architecture *
CVE-2023-27913

A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can be used to cause an Integer Overflow. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data, or execute arbitrary code in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_advance_steel *
autodesk autocad_civil_3d *
autodesk autocad_lt *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk autocad *
autodesk autocad_architecture *
CVE-2023-27914

A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can be used to write beyond the allocated buffer causing a Stack Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_advance_steel *
autodesk autocad_civil_3d *
autodesk autocad_lt *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk autocad *
autodesk autocad_architecture *
CVE-2023-27915

A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_advance_steel *
autodesk autocad_civil_3d *
autodesk autocad_lt *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk autocad *
autodesk autocad_architecture *
CVE-2023-29067

A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_advance_steel *
autodesk autocad_civil_3d *
autodesk autocad_lt *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk autocad *
autodesk autocad_architecture *
CVE-2023-29068

A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities. These vulnerabilities in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_advance_steel *
autodesk autocad_mechanical *
autodesk infraworks *
autodesk inventor *
autodesk autocad_electrical *
autodesk alias *
autodesk autocad_mep *
autodesk navisworks *
autodesk revit *
autodesk autocad_map_3d *
autodesk autocad_civil_3d *
autodesk autocad_lt *
autodesk maya_usd *
autodesk autocad_plant_3d *
autodesk vred *
autodesk autocad *
autodesk autocad_architecture *
CVE-2023-29069

A maliciously crafted DLL file can be forced to install onto a non-default location, and attacker can overwrite parts of the product with malicious DLLs. These files may then have elevated privileges leading to a Privilege Escalation vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk desktop_connector *
CVE-2023-29073

A maliciously crafted MODEL file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_advance_steel *
autodesk autocad_civil_3d *
autodesk autocad_lt *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk autocad *
autodesk autocad_architecture *
CVE-2023-29074

A maliciously crafted CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause an Out-Of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_advance_steel *
autodesk autocad_civil_3d *
autodesk autocad_lt *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk autocad *
autodesk autocad_architecture *
CVE-2023-29075

A maliciously crafted PRT file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause an Out-Of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_advance_steel *
autodesk autocad_civil_3d *
autodesk autocad_lt *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk autocad *
autodesk autocad_architecture *
CVE-2023-29076

A maliciously crafted MODEL, SLDASM, SAT or CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 could cause memory corruption vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_advance_steel *
autodesk autocad_civil_3d *
autodesk autocad_lt *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk autocad *
autodesk autocad_architecture *
CVE-2023-41139

A maliciously crafted STP file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_advance_steel *
autodesk autocad_civil_3d *
autodesk autocad_lt *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk autocad *
autodesk autocad_architecture *
CVE-2023-41140

A maliciously crafted PRT file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_advance_steel *
autodesk autocad_civil_3d *
autodesk autocad_lt *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk autocad *
autodesk autocad_architecture *
CVE-2023-41145

Autodesk users who no longer have an active license for an account can still access cases for that account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
autodesk customer_portal -
CVE-2023-41146

Autodesk Customer Support Portal allows cases created by users under an account to see cases created by other users on the same account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
autodesk customer_portal -
CVE-2023-7298

A maliciously crafted FBX file, when parsed through Autodesk FBX SDK, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
autodesk fbx_software_development_kit *
CVE-2024-0446

A maliciously crafted STP, CATPART or MODEL file, when parsed in ASMKERN228A.dll and ASMdatax229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-11268

A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash or could lead to an arbitrary memory leak.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L 1.8 3.4

Products Affected

Vendor Product Version
autodesk revit *
CVE-2024-11422

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk navisworks *
CVE-2024-11454

A maliciously crafted DLL file, when placed in the same directory as an RVT file could be loaded by Autodesk Revit, and execute arbitrary code in the context of the current process due to an untrusted search patch being utilized.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk revit *
CVE-2024-11608

A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk revit *
CVE-2024-12178

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk navisworks *
CVE-2024-12179

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk navisworks *
CVE-2024-12191

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk navisworks *
CVE-2024-12192

A maliciously crafted DWF file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk navisworks *
CVE-2024-12193

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk navisworks *
CVE-2024-12194

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk navisworks *
CVE-2024-12197

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk navisworks *
CVE-2024-12198

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk navisworks *
CVE-2024-12199

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk navisworks *
CVE-2024-12200

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk navisworks *
CVE-2024-12669

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk navisworks *
CVE-2024-12670

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk navisworks *
CVE-2024-12671

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk navisworks *
CVE-2024-23120

A maliciously crafted STP and STEP file, when parsed in ASMIMPORT228A.dll and ASMIMPORT229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-23121

A maliciously crafted MODEL file, when parsed in libodxdll.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-23122

A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-23123

A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-23124

A maliciously crafted STP file, when parsed in ASMIMPORT228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-23125

A maliciously crafted SLDPRT file when parsed ODXSW_DLL.dll through Autodesk applications can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-23126

A maliciously crafted CATPART file when parsed CC5Dll.dll through Autodesk applications can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-23127

A maliciously crafted MODEL, SLDPRT, or SLDASM file, when parsed in ODXSW_DLL.dll and libodxdll.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-23128

A maliciously crafted MODEL file, when parsed in libodxdll.dll and ASMDATAX229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-23129

A maliciously crafted MODEL 3DM, STP, or SLDASM file, when in opennurbs.dll parsed through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-23130

A maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-23131

A maliciously crafted STP file, when parsed in ASMIMPORT229A.dll, ASMKERN228A.dll, ASMkern229A.dll or ASMDATAX228A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-23133

A maliciously crafted STP file in ASMDATAX228A.dll when parsed through Autodesk applications can lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-23134

A maliciously crafted IGS file in tbb.dll when parsed through Autodesk AutoCAD can be used in user-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-23135

A maliciously crafted SLDPRT file in ASMkern228A.dll when parsed through Autodesk applications can be used in user-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-23136

A maliciously crafted STP file in ASMKERN228A.dll when parsed through Autodesk applications can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-23138

A maliciously crafted DWG file when parsed through Autodesk DWG TrueView can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_lt *
autodesk autocad_mechanical *
autodesk dwg_trueview *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-23140

A maliciously crafted 3DM and MODEL file, when parsed in opennurbs.dll and atf_api.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-23141

A maliciously crafted MODEL file, when parsed in libodxdll through Autodesk applications, can cause a double free. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-23142

A maliciously crafted CATPART, STP, and MODEL file, when parsed in atf_dwg_consumer.dll, rose_x64_vc15.dll and libodxdll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-23143

A maliciously crafted 3DM, MODEL and X_B file, when parsed in ASMkern229A.dll and ASMBASE229A.dll through Autodesk applications, can force an Out-of-Bound Read and/or Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-23144

A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-23145

A maliciously crafted PRT file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-23146

A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-23147

A maliciously crafted CATPART, X_B and STEP, when parsed in ASMKERN228A.dll and ASMKERN229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-23148

A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-23149

A maliciously crafted SLDDRW file, when parsed in ODXSW_DLL.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-23150

A maliciously crafted PRT file, when parsed in odxug_dll.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-23151

A maliciously crafted 3DM file, when parsed in ASMkern229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-23152

A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-23153

A maliciously crafted MODEL file, when parsed in libodx.dll through Autodesk applications, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-23154

A maliciously crafted SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-23155

A maliciously crafted MODEL file, when parsed in atf_asm_interface.dll through Autodesk applications, can be used to cause a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-23156

A maliciously crafted 3DM file, when parsed in opennurbs.dll and ASMkern229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-23157

A maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-23158

A maliciously crafted IGES file, when parsed in ASMImport229A.dll through Autodesk applications, can be used to cause a use-after-free vulnerability. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-23159

A maliciously crafted STP file, when parsed in stp_aim_x64_vc15d.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-36999

A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-37000

A maliciously crafted X_B file, when parsed in pskernel.DLL through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-37001

A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-37002

A maliciously crafted MODEL file, when parsed in ASMkern229A.dllthrough Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-37003

A maliciously crafted DWG and SLDPRT file, when parsed in opennurbs.dll and ODXSW_DLL.dll through Autodesk applications, can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-37004

A maliciously crafted SLDPRT file, when parsed in ASMKERN229A.dll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-37005

A maliciously crafted X_B file, when parsed in pskernel.DLL through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-37006

A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-37007

A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-7305

A maliciously crafted DWF file, when parsed in AdDwfPdk.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_lt *
autodesk autocad_mechanical *
autodesk dwg_trueview *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2024-7670

A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk navisworks 2025.2
autodesk navisworks 2025.1
autodesk navisworks 2025
CVE-2024-7671

A maliciously crafted DWFX file, when parsed in dwfcore.dll through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk navisworks 2025.2
autodesk navisworks 2025.1
autodesk navisworks 2025
CVE-2024-7672

A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk navisworks 2025.2
autodesk navisworks 2025.1
autodesk navisworks 2025
CVE-2024-7673

A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk navisworks 2025.2
autodesk navisworks 2025.1
autodesk navisworks 2025
CVE-2024-7674

A maliciously crafted DWFX file, when parsed in dwfcore.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk navisworks 2025.2
autodesk navisworks 2025.1
autodesk navisworks 2025
CVE-2024-7675

A maliciously crafted DWF file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Use-After-Free. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk navisworks 2025.2
autodesk navisworks 2025.1
autodesk navisworks 2025
CVE-2024-7991

A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_advance_steel *
autodesk autocad_civil_3d *
autodesk autocad_lt *
autodesk autocad_mechanical *
autodesk dwg_trueview *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk autocad *
autodesk autocad_architecture *
CVE-2024-7992

A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, can force a Stack-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_advance_steel *
autodesk autocad_civil_3d *
autodesk autocad_lt *
autodesk autocad_mechanical *
autodesk dwg_trueview *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk autocad *
autodesk autocad_architecture *
CVE-2024-7993

A maliciously crafted PDF file, when parsed through Autodesk Revit, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk revit *
CVE-2024-7994

A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Stack-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk revit *
CVE-2024-7995

A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the VRED Design application. Exploitation of this vulnerability may lead to code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk vred *
CVE-2024-8587

A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Heap Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_plant_3d 2025
autodesk advance_steel 2025
autodesk autocad_electrical 2025
autodesk autocad 2025
autodesk autocad_mechanical 2025
autodesk autocad_mep 2025
autodesk civil_3d 2025
autodesk autocad_architecture 2025
CVE-2024-8588

A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_advance_steel *
autodesk autocad_civil_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk autocad *
autodesk autocad_architecture *
CVE-2024-8589

A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_advance_steel *
autodesk autocad_civil_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk autocad *
autodesk autocad_architecture *
CVE-2024-8590

A maliciously crafted 3DM file when parsed in atf_api.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_advance_steel *
autodesk autocad_civil_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk autocad *
autodesk autocad_architecture *
CVE-2024-8591

A maliciously crafted 3DM file when parsed in AcTranslators.exe through Autodesk AutoCAD can force a Heap-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_advance_steel *
autodesk autocad_civil_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk autocad *
autodesk autocad_architecture *
CVE-2024-8592

A maliciously crafted CATPART file when parsed in AcTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_advance_steel *
autodesk autocad_civil_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk autocad *
autodesk autocad_architecture *
CVE-2024-8593

A maliciously crafted CATPART file, when parsed in ASMKERN230A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_advance_steel *
autodesk autocad_civil_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk autocad *
autodesk autocad_architecture *
CVE-2024-8594

A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_advance_steel *
autodesk autocad_civil_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk autocad *
autodesk autocad_architecture *
CVE-2024-8595

A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_advance_steel *
autodesk autocad_civil_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk autocad *
autodesk autocad_architecture *
CVE-2024-8596

A maliciously crafted MODEL file, when parsed in libodxdll.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_advance_steel *
autodesk autocad_civil_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk autocad *
autodesk autocad_architecture *
CVE-2024-8597

A maliciously crafted STP file when parsed in ASMDATAX230A.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_advance_steel *
autodesk autocad_civil_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk autocad *
autodesk autocad_architecture *
CVE-2024-8598

A maliciously crafted STP file when parsed in ACTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_advance_steel *
autodesk autocad_civil_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk autocad *
autodesk autocad_architecture *
CVE-2024-8599

A maliciously crafted STP file when parsed in ACTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_advance_steel *
autodesk autocad_civil_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk autocad *
autodesk autocad_architecture *
CVE-2024-8600

A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_advance_steel *
autodesk autocad_civil_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk autocad *
autodesk autocad_architecture *
CVE-2024-8896

A maliciously crafted DXF file when parsed in acdb25.dll through Autodesk AutoCAD can force to access a variable prior to initialization. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_advance_steel *
autodesk autocad_civil_3d *
autodesk autocad_lt *
autodesk autocad_mechanical *
autodesk dwg_trueview *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk autocad *
autodesk autocad_architecture *
CVE-2024-9489

A maliciously crafted DWG file when parsed in ACAD.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_advance_steel *
autodesk autocad_civil_3d *
autodesk autocad_lt *
autodesk autocad_mechanical *
autodesk dwg_trueview *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk autocad *
autodesk autocad_architecture *
CVE-2024-9500

A maliciously crafted DLL file when placed in temporary files and folders that are leveraged by the Autodesk Installer could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to insecure privilege management.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.2 HIGH CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N 0.8 5.8

Products Affected

Vendor Product Version
autodesk installer *
CVE-2024-9826

A maliciously crafted 3DM file when parsed in atf_api.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_advance_steel *
autodesk autocad_civil_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk autocad *
autodesk autocad_architecture *
CVE-2024-9827

A maliciously crafted CATPART file when parsed in CC5Dll.dll through Autodesk AutoCAD can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_advance_steel *
autodesk autocad_civil_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk autocad *
autodesk autocad_architecture *
CVE-2024-9996

A maliciously crafted DWG file, when parsed in acdb25.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_advance_steel *
autodesk autocad_civil_3d *
autodesk autocad_lt *
autodesk autocad_mechanical *
autodesk dwg_trueview *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk autocad *
autodesk autocad_architecture *
CVE-2024-9997

A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_advance_steel *
autodesk autocad_civil_3d *
autodesk autocad_lt *
autodesk autocad_mechanical *
autodesk dwg_trueview *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk autocad *
autodesk autocad_architecture *
CVE-2025-10244

A maliciously crafted HTML payload, when rendered by the Autodesk Fusion desktop application, can trigger a Stored Cross-site Scripting (XSS) vulnerability. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 8.7 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N 2.3 5.8

Products Affected

Vendor Product Version
autodesk fusion *
CVE-2025-10881

A maliciously crafted CATPRODUCT file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk shared_components *
CVE-2025-10882

AA maliciously crafted X_T file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk shared_components *
CVE-2025-10883

A maliciously crafted CATPRODUCT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk shared_components *
CVE-2025-10884

AA maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk shared_components *
CVE-2025-10885

A maliciously crafted file, when executed on the victim's machine, can lead to privilege escalation to NT AUTHORITY/SYSTEM due to an insufficient validation of loaded binaries. An attacker with local and low-privilege access could exploit this to execute code as SYSTEM.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk installer *
CVE-2025-10886

A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk shared_components *
CVE-2025-10887

A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk shared_components *
CVE-2025-10888

AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk shared_components *
CVE-2025-10889

A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk shared_components *
CVE-2025-10898

AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk shared_components *
CVE-2025-10899

AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk shared_components *
CVE-2025-10900

AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk shared_components *
CVE-2025-11795

A maliciously crafted JPG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk 3ds_max *
CVE-2025-11797

A maliciously crafted DWG file, when parsed through Autodesk 3ds Max, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk 3ds_max *
CVE-2025-1273

A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk revit *
CVE-2025-1274

A maliciously crafted RCS file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk revit *
CVE-2025-1275

A maliciously crafted JPG file, when linked or imported into certain Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_mechanical *
autodesk dwg_trueview *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk advance_steel *
autodesk revit *
autodesk autocad_map_3d *
autodesk autocad_lt *
autodesk autocad_plant_3d *
autodesk civil_3d *
autodesk autocad *
autodesk autocad_architecture *
CVE-2025-1276

A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk navisworks_manage *
autodesk autocad_mechanical *
autodesk dwg_trueview *
autodesk inventor *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk advance_steel *
autodesk revit *
autodesk autocad_map_3d *
autodesk infrastructure_parts_editor *
autodesk autocad_lt *
autodesk vault *
autodesk autocad_plant_3d *
autodesk civil_3d *
autodesk autocad *
autodesk navisworks_simulate *
autodesk autocad_architecture *
CVE-2025-1277

A maliciously crafted PDF file, when parsed through Autodesk applications, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk revit *
CVE-2025-1427

A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2025-1428

A maliciously crafted CATPART file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2025-1429

A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2025-1430

A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCAD, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2025-1431

A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2025-1432

A maliciously crafted 3DM file, when parsed through Autodesk AutoCAD, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2025-1433

A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2025-14593

A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk shared_components *
CVE-2025-1649

A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2025-1650

A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2025-1651

A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2025-1652

A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
CVE-2025-1656

A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk revit *
CVE-2025-1658

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk navisworks *
CVE-2025-1659

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk navisworks *
CVE-2025-1660

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk navisworks *
CVE-2025-2497

A maliciously crafted DWG file, when parsed through Autodesk Revit, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk revit *
CVE-2025-4605

A maliciously crafted .usdc file, when loaded through Autodesk Maya, can force an uncontrolled memory allocation vulnerability. A malicious actor may leverage this vulnerability to cause a denial-of-service (DoS), or cause data corruption.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H 0.8 4.7

Products Affected

Vendor Product Version
autodesk universal_scene_description 0.31.0
autodesk universal_scene_description 0.10
autodesk maya *
CVE-2025-5036

A maliciously crafted RFA file, when linked or imported into Autodesk Revit, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk revit *
CVE-2025-5037

A maliciously crafted RFA, RTE, or RVT file, when parsed through Autodesk Revit, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk revit *
CVE-2025-5038

A maliciously crafted X_T file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk shared_components 2026.2
CVE-2025-5039

A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk infrastructure_parts_editor *
autodesk navisworks_manage *
autodesk vault *
autodesk inventor *
autodesk navisworks_simulate *
autodesk revit *
CVE-2025-5040

A maliciously crafted RTE file, when parsed through Autodesk Revit, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk revit *
CVE-2025-5042

A maliciously crafted RFA file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk revit *
CVE-2025-5043

A maliciously crafted 3DM file, when linked or imported into certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk shared_components 2026.2
CVE-2025-5046

A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk civil_3d 2026
autodesk autocad 2026
autodesk autocad_electrical 2026
autodesk advance_steel 2026
autodesk autocad_lt 2026
autodesk autocad_architecture 2026
autodesk autocad_mep 2026
autodesk autocad_plant_3d 2026
autodesk autocad_map_3d 2026
autodesk autocad_mechanical 2026
CVE-2025-5047

A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk civil_3d 2026
autodesk autocad 2026
autodesk autocad_electrical 2026
autodesk advance_steel 2026
autodesk autocad_lt 2026
autodesk autocad_architecture 2026
autodesk autocad_mep 2026
autodesk autocad_plant_3d 2026
autodesk autocad_map_3d 2026
autodesk autocad_mechanical 2026
CVE-2025-5048

A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk civil_3d 2026
autodesk autocad 2026
autodesk autocad_electrical 2026
autodesk advance_steel 2026
autodesk autocad_lt 2026
autodesk autocad_architecture 2026
autodesk autocad_mep 2026
autodesk autocad_plant_3d 2026
autodesk autocad_map_3d 2026
autodesk autocad_mechanical 2026
CVE-2025-5335

A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the Autodesk Installer application. Exploitation of this vulnerability may lead to code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk installer *
CVE-2025-6631

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk shared_components 2026.2
CVE-2025-6632

A maliciously crafted PSD file, when linked or imported into Autodesk 3ds Max, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L 1.8 3.4
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk 3ds_max *
CVE-2025-6633

A maliciously crafted RBG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
autodesk 3ds_max *
CVE-2025-6634

A maliciously crafted TGA file, when linked or imported into Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk 3ds_max *
CVE-2025-6635

A maliciously crafted PRT file, when linked or imported into certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk shared_components 2026.2
CVE-2025-6636

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk shared_components 2026.2
CVE-2025-6637

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk shared_components 2026.2
CVE-2025-7497

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk shared_components 2026.2
CVE-2025-7675

A maliciously crafted 3DM file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk shared_components 2026.2
CVE-2025-8354

A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Type Confusion vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk revit *
CVE-2025-8892

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk shared_components 2026.3
CVE-2025-8893

A maliciously crafted PDF file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_lt *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
autodesk revit *
CVE-2025-8894

A maliciously crafted PDF file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk autocad_map_3d *
autodesk autocad_lt *
autodesk autocad_mechanical *
autodesk autocad_plant_3d *
autodesk autocad_electrical *
autodesk autocad_mep *
autodesk civil_3d *
autodesk autocad *
autodesk advance_steel *
autodesk autocad_architecture *
autodesk revit *
CVE-2025-9452

A maliciously crafted SLDPRT file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk shared_components *
CVE-2025-9453

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk shared_components *
CVE-2025-9454

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk shared_components *
CVE-2025-9455

A maliciously crafted CATPRODUCT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk shared_components *
CVE-2025-9456

A maliciously crafted SLDPRT file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk shared_components *
CVE-2025-9457

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk shared_components *
CVE-2025-9458

A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk shared_components 2026.3
CVE-2025-9459

A maliciously crafted SLDPRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk shared_components *
CVE-2025-9460

A maliciously crafted SLDPRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk shared_components *
CVE-2026-0533

A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N 1.8 5.2

Products Affected

Vendor Product Version
autodesk fusion *
CVE-2026-0534

A maliciously crafted HTML payload, stored in a part’s attribute and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N 1.8 5.2

Products Affected

Vendor Product Version
autodesk fusion *
CVE-2026-0535

A maliciously crafted HTML payload, stored in a component’s description and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.1 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N 1.8 5.2

Products Affected

Vendor Product Version
autodesk fusion *
CVE-2026-0536

A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk 3ds_max *
CVE-2026-0537

A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk 3ds_max *
CVE-2026-0538

A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk 3ds_max *
CVE-2026-0660

A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk 3ds_max *
CVE-2026-0661

A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk 3ds_max *
CVE-2026-0662

A maliciously crafted project directory, when opening a max file in Autodesk 3ds Max, could lead to execution of arbitrary code in the context of the current process due to an Untrusted Search Path being utilized.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk 3ds_max *
CVE-2026-0874

A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk shared_components *
CVE-2026-0875

A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@autodesk.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
autodesk shared_components *