Unspecified vulnerability in multiple Autodesk and AutoCAD products and product families from 2006 and earlier allows remote attackers to "gain inappropriate access to another local user's computer," aka ID DL5549329.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_electrical | 2005 |
| autodesk | autocad_lt | 2005 |
| autodesk | 3ds_max | 7 |
| autodesk | map_3d | 2006 |
| autodesk | autocad_electrical | 2006 |
| autodesk | building_systems | 2005 |
| autodesk | inventor | 10 |
| autodesk | land_desktop | 2005 |
| autodesk | map_3d | 2005 |
| autodesk | architectural_desktop | 2006 |
| autodesk | autocad | 2005 |
| autodesk | autocad | 2006 |
| autodesk | civil_design | 2005 |
| autodesk | survey | 2005 |
| autodesk | building_systems | 2006 |
| autodesk | revit | 7 |
| autodesk | land_desktop | 2006 |
| autodesk | survey | 2006 |
| autodesk | raster_design | 2005 |
| autodesk | revit_structure | 6 |
| autodesk | revit | 8 |
| autodesk | autocad_mechanical | 2006 |
| autodesk | raster_design | 2006 |
| autodesk | autocad_civil_3d | 2005 |
| autodesk | architectural_desktop | 2005 |
| autodesk | inventor | 9 |
| autodesk | revit_structure | 8.1 |
| autodesk | autocad_mechanical | 2005 |
| autodesk | autocad_lt | 2006 |
| autodesk | utility_design | 2005 |
| autodesk | autocad_civil_3d | 2006 |
| autodesk | viz | 2006 |
Unspecified vulnerability in Autodesk AutoCAD through 2014, AutoCAD LT through 2014, and DWG TrueView through 2014 allows remote attackers to execute arbitrary code via a crafted DWG file.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_architecture | 2011 |
| autodesk | autocad_lt | 2014 |
| autodesk | autocad_structural_detailing | 2013 |
| autodesk | autocad | 2013 |
| autodesk | autocad_structural_detailing | 2012 |
| autodesk | autocad_utility_design | 2013 |
| autodesk | autocad | 2012 |
| autodesk | autocad_electrical | 2013 |
| autodesk | dwg_trueview | 2014 |
| autodesk | autocad_map_3d | 2014 |
| autodesk | autocad_mechanical | 2012 |
| autodesk | autocad_ecscad | 2011 |
| autodesk | autocad_lt | 2011 |
| autodesk | autocad_map_3d | 2012 |
| autodesk | autocad_ecscad | 2012 |
| autodesk | autocad_electrical | 2011 |
| autodesk | autocad_mep | 2014 |
| autodesk | autocad_ecscad | 2014 |
| autodesk | autocad_architecture | 2013 |
| autodesk | autocad_ecscad | 2013 |
| autodesk | autocad_mechanical | 2014 |
| autodesk | autocad_plant_3d | 2012 |
| autodesk | autocad | 2011 |
| autodesk | autocad_civil_3d | 2014 |
| autodesk | dwg_trueview | 2012 |
| autodesk | autocad | 2014 |
| autodesk | autocad_lt | 2012 |
| autodesk | autocad_mechanical | 2011 |
| autodesk | autocad_plant_3d | 2013 |
| autodesk | autocad_lt | 2013 |
| autodesk | autocad_utility_design | 2011 |
| autodesk | dwg_trueview | 2011 |
| autodesk | autocad_civil_3d | 2012 |
| autodesk | autocad_map_3d | 2013 |
| autodesk | autocad_architecture | 2014 |
| autodesk | autocad_utility_design | 2012 |
| autodesk | autocad_mep | 2012 |
| autodesk | autocad_map_3d | 2011 |
| autodesk | autocad_civil_3d | 2011 |
| autodesk | autocad_p&id | 2011 |
| autodesk | autocad_civil_3d | 2013 |
| autodesk | autocad_p&id | 2013 |
| autodesk | autocad_electrical | 2014 |
| autodesk | autocad_p&id | 2012 |
| autodesk | autocad_structural_detailing | 2011 |
| autodesk | dwg_trueview | 2013 |
| autodesk | autocad_architecture | 2012 |
| autodesk | autocad_utility_design | 2014 |
| autodesk | autocad_electrical | 2012 |
| autodesk | autocad_p&id | 2014 |
| autodesk | autocad_mep | 2013 |
| autodesk | autocad_structural_detailing | 2014 |
| autodesk | autocad_mep | 2011 |
| autodesk | autocad_mechanical | 2013 |
| autodesk | autocad_plant_3d | 2011 |
| autodesk | autocad_plant_3d | 2014 |
Heap-based buffer overflow in Autodesk SketchBook for Enterprise 2014, Pro, and Express before 6.25, and Copic Edition before 2.0.2 allows remote attackers to execute arbitrary code via RLE-compressed channel data in a PSD file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | sketchbook | * |
| autodesk | sketchbook_express | * |
| autodesk | sketchbook_for_enterprise_2014 | * |
| autodesk | sketchbook_pro | * |
Untrusted search path vulnerability in Autodesk AutoCAD before 2014 allows local users to gain privileges and execute arbitrary VBScript code via a Trojan horse FAS file in the FAS file search path.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad | * |
Untrusted search path vulnerability in Autodesk AutoCAD before 2014 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad | * |
Autodesk VRED Professional 2014 before SR1 SP8 allows remote attackers to execute arbitrary code via Python os library calls in Python API commands to the integrated web server.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | vred | 2014 |
Integer overflow in Autodesk SketchBook Pro before 6.2.6 allows remote attackers to execute arbitrary code via crafted layer mask data in a PSD file, which triggers a heap-based buffer overflow.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | sketchbook_pro | 6.2.4 |
| autodesk | sketchbook_pro | * |
Heap-based buffer overflow in Autodesk SketchBook Pro before 6.2.6 allows remote attackers to execute arbitrary code via crafted layer bitmap data in a PXD file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | sketchbook_pro | 6.2.4 |
| autodesk | sketchbook_pro | * |
The AdView.AdViewer.1 ActiveX control in Autodesk Design Review (ADR) before 2013 Hotfix 1 allows remote attackers to execute arbitrary code via a crafted DWF file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | design_review | * |
Integer overflow in Autodesk Design Review (ADR) before 2013 Hotfix 2 allows remote attackers to execute arbitrary code via a crafted biClrUsed value in a BMP file, which triggers a buffer overflow.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | design_review | 2013 |
Multiple buffer overflows in Autodesk Design Review (ADR) before 2013 Hotfix 2 allow remote attackers to execute arbitrary code via crafted RLE data in a (1) BMP or (2) FLI file, (3) encoded scan lines in a PCX file, or (4) DataSubBlock or (5) GlobalColorTable in a GIF file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | design_review | 2013 |
Stack-based buffer overflow in manager.exe in Backburner Manager in Autodesk Backburner 2016 2016.0.0.2150 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted command. NOTE: this is only a vulnerability in environments in which the administrator has not followed documentation that outlines the security risks of operating Backburner on untrusted networks.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autodesk_backburner | * |
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code or cause an infinite loop condition when reading or converting malformed FBX format files.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | fbx_software_development_kit | * |
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DFX format files.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | fbx_software_development_kit | * |
Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain access to uninitialized pointers.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-19,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | fbx_software_development_kit | * |
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DAE format files.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | fbx_software_development_kit | * |
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed 3DS format files.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | fbx_software_development_kit | * |
An exploitable heap overflow vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file may cause a heap overflow, resulting in code execution.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | 2018 |
| autodesk | advance_steel | 2018 |
| autodesk | civil_3d | 2018 |
| autodesk | autocad_architecture | 2018 |
| autodesk | autocad_lt | 2018 |
| autodesk | autocad_mep | 2018 |
| autodesk | autocad | 2018 |
| autodesk | autocad_electrical | 2018 |
| autodesk | autocad_mechanical | 2018 |
| autodesk | autocad_plant_3d | 2018 |
| autodesk | autocad_p&id | 2018 |
An exploitable heap overflow vulnerability in the AcCellMargin handling code in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file with too many cell margins populating an AcCellMargin object may cause a heap overflow, resulting in code execution.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | 2018 |
| autodesk | advance_steel | 2018 |
| autodesk | civil_3d | 2018 |
| autodesk | autocad_architecture | 2018 |
| autodesk | autocad_lt | 2018 |
| autodesk | autocad_mep | 2018 |
| autodesk | autocad | 2018 |
| autodesk | autocad_electrical | 2018 |
| autodesk | autocad_mechanical | 2018 |
| autodesk | autocad_plant_3d | 2018 |
| autodesk | autocad_p&id | 2018 |
An exploitable use-after-free vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file may trigger a use-after-free, resulting in code execution.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | 2018 |
| autodesk | advance_steel | 2018 |
| autodesk | civil_3d | 2018 |
| autodesk | autocad_architecture | 2018 |
| autodesk | autocad_lt | 2018 |
| autodesk | autocad_mep | 2018 |
| autodesk | autocad | 2018 |
| autodesk | autocad_electrical | 2018 |
| autodesk | autocad_mechanical | 2018 |
| autodesk | autocad_plant_3d | 2018 |
| autodesk | autocad_p&id | 2018 |
An attacker may convince a victim to open a malicious action micro (.actm) file that has serialized data, which may trigger a code execution in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-502,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | 2018 |
| autodesk | advance_steel | 2018 |
| autodesk | civil_3d | 2018 |
| autodesk | autocad_architecture | 2018 |
| autodesk | autocad_lt | 2018 |
| autodesk | autocad_mep | 2018 |
| autodesk | autocad | 2018 |
| autodesk | autocad_electrical | 2018 |
| autodesk | autocad_mechanical | 2018 |
| autodesk | autocad_plant_3d | 2018 |
| autodesk | autocad_p&id | 2018 |
DLL preloading vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a DLL preloading vulnerability, which may result in code execution.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-427,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | design_review | 2013 |
| autodesk | design_review | 2012 |
| autodesk | design_review | 2018 |
| autodesk | design_review | 2011 |
Use-after-free vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a use-after-free vulnerability, which may result in code execution.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | design_review | 2013 |
| autodesk | design_review | 2012 |
| autodesk | design_review | 2018 |
| autodesk | design_review | 2011 |
DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D and version 2017 of AutoCAD P&ID. An attacker may trick a user into opening a malicious DWG file that may leverage a DLL preloading vulnerability in AutoCAD which may result in code execution.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-427,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_architecture | 2017 |
| autodesk | autocad_mep | 2019 |
| autodesk | autocad_plant_3d | 2020 |
| autodesk | autocad_plant_3d | 2019 |
| autodesk | advance_steel | 2019 |
| autodesk | autocad_p&id | 2017 |
| autodesk | autocad_lt | 2017 |
| autodesk | autocad_lt | 2019 |
| autodesk | autocad_map_3d | 2020 |
| autodesk | civil_3d | 2017 |
| autodesk | civil_3d | 2020 |
| autodesk | advance_steel | 2020 |
| autodesk | autocad_electrical | 2020 |
| autodesk | autocad_architecture | 2020 |
| autodesk | autocad_mechanical | 2019 |
| autodesk | autocad_electrical | 2018 |
| autodesk | autocad_mechanical | 2017 |
| autodesk | autocad_mechanical | 2018 |
| autodesk | autocad_plant_3d | 2018 |
| autodesk | autocad_plant_3d | 2017 |
| autodesk | advance_steel | 2017 |
| autodesk | autocad_mep | 2020 |
| autodesk | autocad_lt | 2020 |
| autodesk | autocad_architecture | 2019 |
| autodesk | civil_3d | 2018 |
| autodesk | autocad_mep | 2017 |
| autodesk | autocad_mechanical | 2020 |
| autodesk | autocad_architecture | 2018 |
| autodesk | autocad | 2018 |
| autodesk | autocad_electrical | 2019 |
| autodesk | autocad_map_3d | 2018 |
| autodesk | autocad_electrical | 2017 |
| autodesk | autocad | 2017 |
| autodesk | autocad | 2020 |
| autodesk | civil_3d | 2019 |
| autodesk | advance_steel | 2018 |
| autodesk | autocad | 2019 |
| autodesk | autocad_lt | 2018 |
| autodesk | autocad_mep | 2018 |
| autodesk | autocad_map_3d | 2017 |
| autodesk | autocad_map_3d | 2019 |
DLL preloading vulnerability in Autodesk Desktop Application versions 7.0.16.29 and earlier. An attacker may trick a user into downloading a malicious DLL file into the working directory, which may then leverage a DLL preloading vulnerability and execute code on the system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-427,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autodesk_desktop | * |
Buffer overflow vulnerability in Autodesk FBX Software Development Kit version 2019.5. A user may be tricked into opening a malicious FBX file which may exploit a buffer overflow vulnerability causing it to run arbitrary code on the system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | fbx_software_development_kit | 2019.5 |
An improper signature validation vulnerability in Autodesk Dynamo BIM versions 2.5.1 and 2.5.0 may lead to code execution through maliciously crafted DLL files.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-426,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | dynamo_bim | 2.5.1 |
| autodesk | dynamo_bim | 2.5.0 |
A buffer overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitrary code execution on a system running it.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | fbx_software_development_kit | * |
A type confusion vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitary code read/write on the system running it.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-843,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | fbx_software_development_kit | * |
A use-after-free vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to code execution on a system running it.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | fbx_software_development_kit | * |
An intager overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | fbx_software_development_kit | * |
A NULL pointer dereference vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | fbx_software_development_kit | * |
A heap overflow vulnerability in the Autodesk FBX-SDK versions 2019.2 and earlier may lead to arbitrary code execution on a system running it.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | fbx_software_development_kit | * |
An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to code execution through maliciously crafted DLL files or information disclosure.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | fbx_review | * |
A Memory Corruption Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to remote code execution through maliciously crafted DLL files.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | fbx_review | * |
The user may be tricked into opening a malicious FBX file which may exploit a Null Pointer Dereference vulnerability in FBX's Review version 1.5.0 and prior causing the application to crash leading to a denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | fbx_review | * |
A user may be tricked into opening a malicious FBX file which may exploit a Directory Traversal Remote Code Execution vulnerability in FBX’s Review causing it to run arbitrary code on the system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | fbx_review | * |
A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in FBX's Review causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | fbx_review | * |
Autodesk Licensing Installer was found to be vulnerable to privilege escalation issues. A malicious user with limited privileges could run any number of tools on a system to identify services that are configured with weak permissions and are running under elevated privileges. These weak permissions could allow all users on the operating system to modify the service configuration and take ownership of the service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-276,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | licensing_services | 9.0.1.1462.100 |
A Double Free vulnerability allows remote attackers to execute arbitrary code on PDF files within affected installations of Autodesk Design Review 2018, 2017, 2013, 2012, 2011. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-415,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | design_review | 2017 |
| autodesk | design_review | 2013 |
| autodesk | design_review | 2012 |
| autodesk | design_review | 2018 |
| autodesk | design_review | 2011 |
A heap-based buffer overflow could occur while parsing PICT, PCX, RCL or TIFF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011. This vulnerability can be exploited to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | design_review | 2017 |
| autodesk | design_review | 2013 |
| autodesk | design_review | 2012 |
| autodesk | design_review | 2018 |
| autodesk | design_review | 2011 |
A maliciously crafted TIFF, TIF, PICT, TGA, or DWF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA or DWF files. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | design_review | 2017 |
| autodesk | design_review | 2013 |
| autodesk | design_review | 2012 |
| autodesk | design_review | 2018 |
| autodesk | design_review | 2011 |
A maliciously crafted PCX, PICT, RCL, TIF, BMP, PSD or TIFF file can be used to write beyond the allocated buffer while parsing PCX, PDF, PICT, RCL, BMP, PSD or TIFF files. This vulnerability can be exploited to execute arbitrary code
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | design_review | 2017 |
| autodesk | design_review | 2013 |
| autodesk | design_review | 2012 |
| autodesk | design_review | 2018 |
| autodesk | design_review | 2011 |
A maliciously crafted PNG, PDF or DWF file in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by remote malicious actors to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | design_review | 2017 |
| autodesk | design_review | 2013 |
| autodesk | design_review | 2012 |
| autodesk | design_review | 2018 |
| autodesk | design_review | 2011 |
A Type Confusion vulnerability in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can occur when processing a maliciously crafted PDF file. A malicious actor can leverage this to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-843,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | design_review | 2017 |
| autodesk | design_review | 2013 |
| autodesk | design_review | 2012 |
| autodesk | design_review | 2018 |
| autodesk | design_review | 2011 |
A maliciously crafted TIFF and PCX file can be forced to read and write beyond allocated boundaries when parsing the TIFF and PCX file for based overflow. This vulnerability can be exploited to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | design_review | 2017 |
| autodesk | design_review | 2013 |
| autodesk | design_review | 2012 |
| autodesk | design_review | 2018 |
| autodesk | design_review | 2011 |
| autodesk | autocad | * |
A maliciously crafted DWG file can be forced to read beyond allocated boundaries when parsing the DWG file. This vulnerability can be exploited to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | 1.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_mechanical | * |
| mitsubishielectric | mc_works64 | * |
| autodesk | dwg_trueview | * |
| autodesk | autocad_electrical | * |
| iconics | genesis64 | * |
| autodesk | autocad_mep | * |
| autodesk | advance_steel | * |
| autodesk | autocad_map_3d | * |
| autodesk | autocad_lt | * |
| autodesk | autocad_plant_3d | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_mechanical | * |
| mitsubishielectric | mc_works64 | * |
| autodesk | autocad_electrical | * |
| iconics | genesis64 | * |
| autodesk | autocad_mep | * |
| autodesk | advance_steel | * |
| autodesk | autocad_map_3d | * |
| autodesk | autocad_lt | * |
| autodesk | autocad_plant_3d | * |
| autodesk | civil_3d | * |
| autodesk | design_review | 2018 |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. The vulnerability exists because the application fails to handle a crafted DWG file, which causes an unhandled exception. An attacker can leverage this vulnerability to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-755,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_lt | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
An Arbitrary Address Write issue in the Autodesk DWG application can allow a malicious user to leverage the application to write in unexpected paths. In order to exploit this the attacker would need the victim to enable full page heap in the application.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_lt | * |
| autodesk | autocad_mechanical | * |
| autodesk | dwg_trueview | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted DLL files or information disclosure.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | fbx_review | 1.4.0 |
A maliciously crafted PDF file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the PDF file. This vulnerability can be exploited to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | navisworks | 2022 |
| autodesk | navisworks | 2021 |
| autodesk | navisworks | 2020 |
| autodesk | navisworks | 2019 |
A Memory Corruption vulnerability for PDF files in Autodesk Navisworks 2019, 2020, 2021, 2022 may lead to code execution through maliciously crafted DLL files.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | navisworks | 2022 |
| autodesk | navisworks | 2021 |
| autodesk | navisworks | 2020 |
| autodesk | navisworks | 2019 |
A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | navisworks | 2022 |
| autodesk | navisworks | 2021 |
| autodesk | navisworks | 2020 |
| autodesk | navisworks | 2019 |
A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to write beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | navisworks | 2022 |
| autodesk | navisworks | 2021 |
| autodesk | navisworks | 2020 |
| autodesk | navisworks | 2019 |
A user may be tricked into opening a malicious FBX file which may exploit an Untrusted Pointer Dereference vulnerability in FBX’s Review version 1.5.0 and prior causing it to run arbitrary code on the system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | fbx_review | * |
A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 and AutoCAD 2022 may be forced to read beyond allocated boundaries when parsing the JT file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_mechanical | * |
| autodesk | inventor | * |
| autodesk | autocad_electrical | * |
| autodesk | inventor | 2020 |
| autodesk | autocad_mep | * |
| autodesk | advance_steel | * |
| autodesk | autocad_map_3d | * |
| autodesk | autocad_lt | * |
| autodesk | inventor | 2019 |
| autodesk | autocad_plant_3d | * |
| autodesk | inventor | 2021 |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022, 2021, 2020, 2019 in conjunction with other vulnerabilities may lead to code execution through maliciously crafted JT files in the context of the current process.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_mechanical | * |
| autodesk | autocad_electrical | * |
| autodesk | inventor | 2020 |
| autodesk | autocad_mep | * |
| autodesk | advance_steel | * |
| autodesk | autocad_map_3d | * |
| autodesk | autocad_lt | * |
| autodesk | inventor | 2019 |
| autodesk | autocad_plant_3d | * |
| autodesk | inventor | 2021 |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | inventor | 2022 |
| autodesk | autocad_architecture | * |
PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_mechanical | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | navisworks | * |
| autodesk | advance_steel | * |
| autodesk | revit | * |
| autodesk | autocad_map_3d | * |
| autodesk | autocad_lt | * |
| autodesk | autocad_plant_3d | * |
| autodesk | civil_3d | * |
| autodesk | design_review | 2018 |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad | 2022 |
| autodesk | autocad_lt | 2020 |
| autodesk | autocad_mechanical | * |
| autodesk | autocad | 2021 |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | navisworks | * |
| autodesk | advance_steel | * |
| autodesk | revit | * |
| autodesk | autocad_map_3d | * |
| autodesk | autocad_lt | * |
| autodesk | autocad | 2020 |
| autodesk | autocad_plant_3d | * |
| autodesk | civil_3d | * |
| autodesk | design_review | 2018 |
| autodesk | autocad | * |
| autodesk | autocad_lt | 2021 |
| autodesk | autocad_architecture | * |
A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | revit | 2022 |
| autodesk | autocad_mechanical | * |
| autodesk | infraworks | * |
| autodesk | dwg_trueview | * |
| autodesk | storm_and_sanitary_analysis | 2022 |
| autodesk | infrastructure_parts_editor | 2021 |
| autodesk | autocad_mep | * |
| autodesk | navisworks | * |
| autodesk | infraworks | 2022.1 |
| autodesk | storm_and_sanitary_analysis | 2019 |
| autodesk | autocad_civil_3d | * |
| autodesk | infraworks | 2020.2 |
| autodesk | autocad_advance_steel | * |
| autodesk | storm_and_sanitary_analysis | * |
| autodesk | inventor | * |
| autodesk | autocad_electrical | * |
| autodesk | revit | * |
| autodesk | infraworks | 2022.0 |
| autodesk | autocad_map_3d | * |
| autodesk | infrastructure_parts_editor | 2022 |
| autodesk | infrastructure_parts_editor | * |
| autodesk | autocad_lt | * |
| autodesk | infraworks | 2021.2 |
| autodesk | autocad_plant_3d | * |
| autodesk | fusion | * |
| autodesk | infraworks | 2019.3 |
| autodesk | design_review | 2018 |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | revit | 2022 |
| autodesk | autocad_mechanical | * |
| autodesk | infraworks | * |
| autodesk | dwg_trueview | * |
| autodesk | storm_and_sanitary_analysis | 2022 |
| autodesk | infrastructure_parts_editor | 2021 |
| autodesk | autocad_mep | * |
| autodesk | navisworks | * |
| autodesk | infraworks | 2022.1 |
| autodesk | storm_and_sanitary_analysis | 2019 |
| autodesk | autocad_civil_3d | * |
| autodesk | infraworks | 2020.2 |
| autodesk | autocad_advance_steel | * |
| autodesk | storm_and_sanitary_analysis | * |
| autodesk | inventor | * |
| autodesk | autocad_electrical | * |
| autodesk | revit | * |
| autodesk | infraworks | 2022.0 |
| autodesk | autocad_map_3d | * |
| autodesk | infrastructure_parts_editor | 2022 |
| autodesk | infrastructure_parts_editor | * |
| autodesk | autocad_lt | * |
| autodesk | infraworks | 2021.2 |
| autodesk | autocad_plant_3d | * |
| autodesk | fusion | * |
| autodesk | infraworks | 2019.3 |
| autodesk | design_review | 2018 |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | revit | 2022 |
| autodesk | autocad_mechanical | * |
| autodesk | infraworks | * |
| autodesk | dwg_trueview | * |
| autodesk | storm_and_sanitary_analysis | 2022 |
| autodesk | infrastructure_parts_editor | 2021 |
| autodesk | autocad_mep | * |
| autodesk | navisworks | * |
| autodesk | infraworks | 2022.1 |
| autodesk | storm_and_sanitary_analysis | 2019 |
| autodesk | autocad_civil_3d | * |
| autodesk | infraworks | 2020.2 |
| autodesk | autocad_advance_steel | * |
| autodesk | storm_and_sanitary_analysis | * |
| autodesk | inventor | * |
| autodesk | autocad_electrical | * |
| autodesk | revit | * |
| autodesk | infraworks | 2022.0 |
| autodesk | autocad_map_3d | * |
| autodesk | infrastructure_parts_editor | 2022 |
| autodesk | infrastructure_parts_editor | * |
| autodesk | autocad_lt | * |
| autodesk | infraworks | 2021.2 |
| autodesk | autocad_plant_3d | * |
| autodesk | fusion | * |
| autodesk | infraworks | 2019.3 |
| autodesk | design_review | 2018 |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | revit | 2022 |
| autodesk | autocad_mechanical | * |
| autodesk | infraworks | * |
| autodesk | dwg_trueview | * |
| autodesk | storm_and_sanitary_analysis | 2022 |
| autodesk | infrastructure_parts_editor | 2021 |
| autodesk | autocad_mep | * |
| autodesk | navisworks | * |
| autodesk | infraworks | 2022.1 |
| autodesk | storm_and_sanitary_analysis | 2019 |
| autodesk | autocad_civil_3d | * |
| autodesk | infraworks | 2020.2 |
| autodesk | autocad_advance_steel | * |
| autodesk | storm_and_sanitary_analysis | * |
| autodesk | inventor | * |
| autodesk | autocad_electrical | * |
| autodesk | revit | * |
| autodesk | infraworks | 2022.0 |
| autodesk | autocad_map_3d | * |
| autodesk | infrastructure_parts_editor | 2022 |
| autodesk | infrastructure_parts_editor | * |
| autodesk | autocad_lt | * |
| autodesk | infraworks | 2021.2 |
| autodesk | autocad_plant_3d | * |
| autodesk | fusion | * |
| autodesk | infraworks | 2019.3 |
| autodesk | design_review | 2018 |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | revit | 2022 |
| autodesk | autocad_mechanical | * |
| autodesk | infraworks | * |
| autodesk | dwg_trueview | * |
| autodesk | storm_and_sanitary_analysis | 2022 |
| autodesk | infrastructure_parts_editor | 2021 |
| autodesk | autocad_mep | * |
| autodesk | navisworks | * |
| autodesk | infraworks | 2022.1 |
| autodesk | storm_and_sanitary_analysis | 2019 |
| autodesk | autocad_civil_3d | * |
| autodesk | infraworks | 2020.2 |
| autodesk | autocad_advance_steel | * |
| autodesk | storm_and_sanitary_analysis | * |
| autodesk | inventor | * |
| autodesk | autocad_electrical | * |
| autodesk | revit | * |
| autodesk | infraworks | 2022.0 |
| autodesk | autocad_map_3d | * |
| autodesk | infrastructure_parts_editor | 2022 |
| autodesk | infrastructure_parts_editor | * |
| autodesk | autocad_lt | * |
| autodesk | infraworks | 2021.2 |
| autodesk | autocad_plant_3d | * |
| autodesk | fusion | * |
| autodesk | infraworks | 2019.3 |
| autodesk | design_review | 2018 |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | design_review | 2018 |
A maliciously crafted JT file in Autodesk AutoCAD 2022 may be used to write beyond the allocated buffer while parsing JT files. This vulnerability can be exploited to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_lt | * |
| autodesk | autocad_mechanical | * |
| autodesk | inventor | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted DWF, 3DS and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_lt | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated boundaries when parsing the DWF files. Exploitation of this vulnerability may lead to code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_lt | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | navisworks | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A Memory Corruption vulnerability for DWF and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 may lead to code execution through maliciously crafted DLL files.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_lt | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | navisworks | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted DXF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. This vulnerability can be exploited to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_lt | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | navisworks | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A Stack-based Buffer Overflow Vulnerability in Autodesk 3ds Max 2022, 2021, and 2020 may lead to code execution through the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer when parsing ActionScript Byte Code files. This vulnerability may allow arbitrary code execution on affected installations of Autodesk 3ds Max.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | 3ds_max | * |
An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.2 and prior may lead to code execution through maliciously crafted ActionScript Byte Code 'ABC' files or information disclosure. ABC files are created by the Flash compiler and contain executable code. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | fbx_review | * |
A Memory Corruption Vulnerability in Autodesk TrueView 2022 and 2021 may lead to remote code execution through maliciously crafted DWG files.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-755,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad | * |
A Double Free vulnerability allows remote malicious actors to execute arbitrary code on DWF file in Autodesk Navisworks 2022 within affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-415,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | navisworks | * |
A maliciously crafted PDF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to dereference for a write beyond the allocated buffer while parsing PDF files. The vulnerability exists because the application fails to handle a crafted PDF file, which causes an unhandled exception.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | dwg_trueview | 2022 |
| autodesk | dwg_trueview | 2021 |
A buffer over-read can be exploited in Autodesk TrueView 2022 may lead to an exposure of sensitive information or a crash through using a maliciously crafted DWG file as an Input. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H | 1.8 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | dwg_trueview | * |
An out-of-bounds read can be exploited in Autodesk TrueView 2022 may lead to an exposure of sensitive information or a crash through using a maliciously crafted DWG file as an Input. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H | 1.8 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | dwg_trueview | * |
A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | design_review | 2017 |
| autodesk | design_review | 2013 |
| autodesk | design_review | 2012 |
| autodesk | design_review | 2018 |
| autodesk | design_review | 2011 |
A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | design_review | 2017 |
| autodesk | design_review | 2013 |
| autodesk | design_review | 2012 |
| autodesk | design_review | 2018 |
| autodesk | design_review | 2011 |
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files. It was fixed in PDFTron earlier than 9.0.7 version in Autodesk Navisworks 2022, and 2020.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | navisworks | * |
A maliciously crafted DWFX and SKP files in Autodesk Navisworks 2022 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | navisworks | * |
A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 may be used to write beyond the allocated buffer while parsing PICT, BMP, PSD or TIF file. This vulnerability may be exploited to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_lt | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted TIF or PICT file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. This vulnerability may be exploited to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_lt | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted TIF file can be forced to read beyond allocated boundaries in Autodesk 3ds Max 2022, and 2021 when parsing the TIF files. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | 3ds_max | * |
A maliciously crafted TIF file in Autodesk 3ds Max 2022 and 2021 can be used to write beyond the allocated buffer while parsing TIF files. This vulnerability in conjunction with other vulnerabilities could lead to arbitrary code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | 3ds_max | * |
A Double Free vulnerability allows remote attackers to execute arbitrary code through DesignReview.exe application on PDF files within affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | design_review | 2017 |
| autodesk | design_review | 2013 |
| autodesk | design_review | 2012 |
| autodesk | design_review | 2018 |
| autodesk | design_review | 2011 |
A maliciously crafted TGA or PCX file may be used to write beyond the allocated buffer through DesignReview.exe application while parsing TGA and PCX files. This vulnerability may be exploited to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | design_review | 2017 |
| autodesk | design_review | 2013 |
| autodesk | design_review | 2012 |
| autodesk | design_review | 2018 |
| autodesk | design_review | 2011 |
A maliciously crafted TIFF file when consumed through DesignReview.exe application can be forced to read beyond allocated boundaries when parsing the TIFF file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | design_review | 2017 |
| autodesk | design_review | 2013 |
| autodesk | design_review | 2012 |
| autodesk | design_review | 2018 |
| autodesk | design_review | 2011 |
A maliciously crafted JT file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad | 2022 |
| autodesk | autocad | 2021 |
| autodesk | autocad | 2020 |
| autodesk | autocad | 2019 |
A maliciously crafted CAT file in Autodesk AutoCAD 2023 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad | 2023 |
A maliciously crafted TIFF file in Autodesk AutoCAD 2023 can be forced to read and write beyond allocated boundaries when parsing the TIFF file. This vulnerability can be exploited to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad | 2023 |
A maliciously crafted TGA file in Autodesk AutoCAD 2023 may be used to write beyond the allocated buffer while parsing TGA file. This vulnerability may be exploited to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad | 2023 |
Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. This vulnerability may be exploited to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-770,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | revit | 2022 |
| autodesk | autocad_mep | 2019 |
| autodesk | autocad_plant_3d | 2020 |
| autodesk | autocad_mep | 2021 |
| autodesk | autocad_plant_3d | 2019 |
| autodesk | autocad_civil_3d | 2022 |
| autodesk | autocad_plant_3d | 2021 |
| autodesk | revit | 2020 |
| autodesk | autocad_map_3d | 2020 |
| autodesk | advance_steel | 2020 |
| autodesk | navisworks | 2022 |
| autodesk | autocad_civil_3d | 2021 |
| autodesk | autocad_mechanical | 2019 |
| autodesk | autocad_architecture | 2021 |
| autodesk | autocad_map_3d | 2021 |
| autodesk | autocad_electrical | 2022 |
| autodesk | autocad | 2021 |
| autodesk | revit | 2021 |
| autodesk | navisworks | 2020 |
| autodesk | advance_steel | 2021 |
| autodesk | autocad | 2020 |
| autodesk | autocad | 2019 |
| autodesk | navisworks | 2019 |
| autodesk | autocad_map_3d | 2019 |
| autodesk | advance_steel | 2022 |
| autodesk | autocad_lt | 2022 |
| autodesk | advance_steel | 2019 |
| autodesk | autocad_mechanical | 2021 |
| autodesk | autocad_lt | 2019 |
| autodesk | autocad_electrical | 2020 |
| autodesk | autocad_architecture | 2022 |
| autodesk | autocad_map_3d | 2022 |
| autodesk | autocad_architecture | 2020 |
| autodesk | autocad_electrical | 2021 |
| autodesk | autocad_mechanical | 2022 |
| autodesk | autocad_mep | 2022 |
| autodesk | autocad_lt | 2021 |
| autodesk | autocad_civil_3d | 2019 |
| autodesk | autocad_civil_3d | 2020 |
| autodesk | autocad | 2022 |
| autodesk | autocad_mep | 2020 |
| autodesk | autocad_lt | 2020 |
| autodesk | autocad_architecture | 2019 |
| autodesk | 3ds_max | 2021 |
| autodesk | autocad_plant_3d | 2022 |
| autodesk | autocad_mechanical | 2020 |
| autodesk | autocad_electrical | 2019 |
| autodesk | design_review | 2018 |
| autodesk | 3ds_max | 2022 |
A maliciously crafted PDF file may be used to dereference a pointer for read or write operation while parsing PDF files in Autodesk Navisworks 2022. The vulnerability exists because the application fails to handle a crafted PDF file, which causes an unhandled exception. An attacker can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-755,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | navisworks | 2022 |
An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360’s document parser. The vulnerability exists in the application’s ‘Insert SVG’ procedure. An attacker can also leverage this vulnerability to obtain victim’s public IP and possibly other sensitive information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | fusion_360 | * |
Parsing a maliciously crafted PRT file can force Autodesk AutoCAD 2023 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_mep | 2023 |
| autodesk | autocad | 2023 |
| autodesk | autocad_civil_3d | 2023 |
| autodesk | autocad_advance_steel | 2023 |
| autodesk | autocad_electrical | 2023 |
| autodesk | autocad_lt | 2023 |
| autodesk | autocad_architecture | 2023 |
| autodesk | autocad_map_3d | 2023 |
| autodesk | autocad_mechanical | 2023 |
| autodesk | autocad_plant_3d | 2023 |
Under certain conditions, an attacker could create an unintended sphere of control through a vulnerability present in file delete operation in Autodesk desktop app (ADA). An attacker could leverage this vulnerability to escalate privileges and execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autodesk_desktop | * |
A malicious crafted file consumed through Moldflow Synergy, Moldflow Adviser, Moldflow Communicator, and Advanced Material Exchange applications could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | advanced_material_exchange | 2021 |
| autodesk | advanced_material_exchange | 2019 |
| autodesk | moldflow_adviser | 2019 |
| autodesk | moldflow_adviser | 2021 |
| autodesk | moldflow_communicator | 2021 |
| autodesk | moldflow_communicator | 2019 |
| autodesk | moldflow_synergy | 2019 |
| autodesk | moldflow_synergy | 2021 |
Parsing a maliciously crafted X_B file can force Autodesk AutoCAD 2023 and 2022 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_advance_steel | * |
| autodesk | autocad_civil_3d | * |
| autodesk | autocad_lt | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted X_B, CATIA, and PDF file when parsed through Autodesk AutoCAD 2023 and 2022 can be used to write beyond the allocated buffer. This vulnerability can lead to arbitrary code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_advance_steel | * |
| autodesk | autocad_civil_3d | * |
| autodesk | autocad_lt | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted MODEL and SLDPRT file can be used to write beyond the allocated buffer while parsing through Autodesk AutoCAD 2023, 2022, 2021, 2020, and Maya 2023 and 2022. The vulnerability exists because the application fails to handle crafted MODEL and SLDPRT files, which causes an unhandled exception. A malicious actor could leverage this vulnerability to execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_advance_steel | * |
| autodesk | autocad_civil_3d | * |
| autodesk | autocad_lt | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted PDF file when parsed through Autodesk AutoCAD 2023 causes an unhandled exception. An attacker can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_advance_steel | * |
| autodesk | autocad_civil_3d | * |
| autodesk | autocad_lt | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A malicious crafted Dwg2Spd file when processed through Autodesk DWG application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_advance_steel | * |
| autodesk | autocad_civil_3d | * |
| autodesk | autocad_lt | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted GIF or JPEG files when parsed through Autodesk Design Review 2018, and AutoCAD 2023 and 2022 could be used to write beyond the allocated heap buffer. This vulnerability could lead to arbitrary code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_advance_steel | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | design_review | * |
| autodesk | autocad_map_3d | * |
| autodesk | autocad_civil_3d | * |
| autodesk | autocad_lt | * |
| autodesk | autocad_plant_3d | * |
| autodesk | design_review | 2018 |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted PCT or DWF file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_advance_steel | * |
| autodesk | autocad_civil_3d | * |
| autodesk | autocad_lt | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | design_review | 2018 |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | subassembly_composer | * |
An Out-Of-Bounds Read Vulnerability in Autodesk FBX SDK version 2020. and prior may lead to code execution or information disclosure through maliciously crafted FBX files. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | fbx_software_development_kit | 2020.0 |
A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in Autodesk FBX SDK 2020 version causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | fbx_software_development_kit | 2020.0 |
An Out-Of-Bounds Write Vulnerability in Autodesk FBX SDK 2020 version and prior may lead to code execution through maliciously crafted FBX files or information disclosure.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | fbx_software_development_kit | 2020.0 |
A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | subassembly_composer | 2020 |
| autodesk | subassembly_composer | 2022 |
| autodesk | subassembly_composer | 2021 |
| autodesk | subassembly_composer | 2023 |
A maliciously crafted PCT file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | design_review | 2018 |
A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | subassembly_composer | 2020 |
| autodesk | subassembly_composer | 2022 |
| autodesk | subassembly_composer | 2021 |
| autodesk | subassembly_composer | 2023 |
A maliciously crafted PKT file when consumed through SubassemblyComposer.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | subassembly_composer | 2020 |
| autodesk | subassembly_composer | 2022 |
| autodesk | subassembly_composer | 2021 |
| autodesk | subassembly_composer | 2023 |
A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_mep | 2019 |
| autodesk | autocad_plant_3d | 2020 |
| autodesk | autocad_mep | 2021 |
| autodesk | autocad_plant_3d | 2019 |
| autodesk | autocad_civil_3d | 2022 |
| autodesk | autocad_plant_3d | 2021 |
| autodesk | autocad_map_3d | 2020 |
| autodesk | autocad_civil_3d | 2021 |
| autodesk | autocad_mechanical | 2019 |
| autodesk | autocad_architecture | 2021 |
| autodesk | autocad_map_3d | 2021 |
| autodesk | autocad_map_3d | 2023 |
| autodesk | autocad_electrical | 2022 |
| autodesk | autocad_mep | 2023 |
| autodesk | autocad_advance_steel | 2019 |
| autodesk | autocad | 2021 |
| autodesk | autocad_civil_3d | 2023 |
| autodesk | autocad_advance_steel | 2023 |
| autodesk | autocad_advance_steel | 2021 |
| autodesk | autocad | 2020 |
| autodesk | autocad | 2019 |
| autodesk | autocad_map_3d | 2019 |
| autodesk | autocad_advance_steel | 2022 |
| autodesk | autocad_plant_3d | 2023 |
| autodesk | autocad_lt | 2022 |
| autodesk | autocad_mechanical | 2021 |
| autodesk | autocad_lt | 2023 |
| autodesk | autocad_lt | 2019 |
| autodesk | autocad_electrical | 2020 |
| autodesk | autocad_architecture | 2022 |
| autodesk | autocad_map_3d | 2022 |
| autodesk | autocad_architecture | 2020 |
| autodesk | autocad_electrical | 2021 |
| autodesk | autocad_mechanical | 2022 |
| autodesk | autocad_mep | 2022 |
| autodesk | autocad_advance_steel | 2020 |
| autodesk | autocad_lt | 2021 |
| autodesk | autocad_civil_3d | 2019 |
| autodesk | autocad_civil_3d | 2020 |
| autodesk | autocad | 2022 |
| autodesk | autocad_mep | 2020 |
| autodesk | autocad_lt | 2020 |
| autodesk | autocad_architecture | 2019 |
| autodesk | autocad_plant_3d | 2022 |
| autodesk | autocad_mechanical | 2020 |
| autodesk | autocad_electrical | 2019 |
| autodesk | autocad_architecture | 2023 |
| autodesk | autocad_mechanical | 2023 |
| autodesk | autocad | 2023 |
| autodesk | autocad_electrical | 2023 |
| autodesk | design_review | 2018 |
A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_mep | 2019 |
| autodesk | autocad_plant_3d | 2020 |
| autodesk | autocad_mep | 2021 |
| autodesk | autocad_plant_3d | 2019 |
| autodesk | autocad_civil_3d | 2022 |
| autodesk | autocad_plant_3d | 2021 |
| autodesk | autocad_map_3d | 2020 |
| autodesk | autocad_civil_3d | 2021 |
| autodesk | autocad_mechanical | 2019 |
| autodesk | autocad_architecture | 2021 |
| autodesk | autocad_map_3d | 2021 |
| autodesk | autocad_map_3d | 2023 |
| autodesk | autocad_electrical | 2022 |
| autodesk | autocad_mep | 2023 |
| autodesk | autocad_advance_steel | 2019 |
| autodesk | autocad | 2021 |
| autodesk | autocad_civil_3d | 2023 |
| autodesk | autocad_advance_steel | 2023 |
| autodesk | autocad_advance_steel | 2021 |
| autodesk | autocad | 2020 |
| autodesk | autocad | 2019 |
| autodesk | autocad_map_3d | 2019 |
| autodesk | autocad_advance_steel | 2022 |
| autodesk | autocad_plant_3d | 2023 |
| autodesk | autocad_lt | 2022 |
| autodesk | autocad_mechanical | 2021 |
| autodesk | autocad_lt | 2023 |
| autodesk | autocad_lt | 2019 |
| autodesk | autocad_electrical | 2020 |
| autodesk | autocad_architecture | 2022 |
| autodesk | autocad_map_3d | 2022 |
| autodesk | autocad_architecture | 2020 |
| autodesk | autocad_electrical | 2021 |
| autodesk | autocad_mechanical | 2022 |
| autodesk | autocad_mep | 2022 |
| autodesk | autocad_advance_steel | 2020 |
| autodesk | autocad_lt | 2021 |
| autodesk | autocad_civil_3d | 2019 |
| autodesk | autocad_civil_3d | 2020 |
| autodesk | autocad | 2022 |
| autodesk | autocad_mep | 2020 |
| autodesk | autocad_lt | 2020 |
| autodesk | autocad_architecture | 2019 |
| autodesk | autocad_plant_3d | 2022 |
| autodesk | autocad_mechanical | 2020 |
| autodesk | autocad_electrical | 2019 |
| autodesk | autocad_architecture | 2023 |
| autodesk | autocad_mechanical | 2023 |
| autodesk | autocad | 2023 |
| autodesk | autocad_electrical | 2023 |
| autodesk | design_review | 2018 |
A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_mep | 2019 |
| autodesk | autocad_plant_3d | 2020 |
| autodesk | autocad_mep | 2021 |
| autodesk | autocad_plant_3d | 2019 |
| autodesk | autocad_civil_3d | 2022 |
| autodesk | autocad_plant_3d | 2021 |
| autodesk | autocad_map_3d | 2020 |
| autodesk | autocad_civil_3d | 2021 |
| autodesk | autocad_mechanical | 2019 |
| autodesk | autocad_architecture | 2021 |
| autodesk | autocad_map_3d | 2021 |
| autodesk | autocad_map_3d | 2023 |
| autodesk | autocad_electrical | 2022 |
| autodesk | autocad_mep | 2023 |
| autodesk | autocad_advance_steel | 2019 |
| autodesk | autocad | 2021 |
| autodesk | autocad_civil_3d | 2023 |
| autodesk | autocad_advance_steel | 2023 |
| autodesk | autocad_advance_steel | 2021 |
| autodesk | autocad | 2020 |
| autodesk | autocad | 2019 |
| autodesk | autocad_map_3d | 2019 |
| autodesk | autocad_advance_steel | 2022 |
| autodesk | autocad_plant_3d | 2023 |
| autodesk | autocad_lt | 2022 |
| autodesk | autocad_mechanical | 2021 |
| autodesk | autocad_lt | 2023 |
| autodesk | autocad_lt | 2019 |
| autodesk | autocad_electrical | 2020 |
| autodesk | autocad_architecture | 2022 |
| autodesk | autocad_map_3d | 2022 |
| autodesk | autocad_architecture | 2020 |
| autodesk | autocad_electrical | 2021 |
| autodesk | autocad_mechanical | 2022 |
| autodesk | autocad_mep | 2022 |
| autodesk | autocad_advance_steel | 2020 |
| autodesk | autocad_lt | 2021 |
| autodesk | autocad_civil_3d | 2019 |
| autodesk | autocad_civil_3d | 2020 |
| autodesk | autocad | 2022 |
| autodesk | autocad_mep | 2020 |
| autodesk | autocad_lt | 2020 |
| autodesk | autocad_architecture | 2019 |
| autodesk | autocad_plant_3d | 2022 |
| autodesk | autocad_mechanical | 2020 |
| autodesk | autocad_electrical | 2019 |
| autodesk | autocad_architecture | 2023 |
| autodesk | autocad_mechanical | 2023 |
| autodesk | autocad | 2023 |
| autodesk | autocad_electrical | 2023 |
| autodesk | design_review | 2018 |
A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_mep | 2019 |
| autodesk | autocad_plant_3d | 2020 |
| autodesk | autocad_mep | 2021 |
| autodesk | autocad_plant_3d | 2019 |
| autodesk | autocad_civil_3d | 2022 |
| autodesk | autocad_plant_3d | 2021 |
| autodesk | autocad_map_3d | 2020 |
| autodesk | autocad_civil_3d | 2021 |
| autodesk | autocad_mechanical | 2019 |
| autodesk | autocad_architecture | 2021 |
| autodesk | autocad_map_3d | 2021 |
| autodesk | autocad_map_3d | 2023 |
| autodesk | autocad_electrical | 2022 |
| autodesk | autocad_mep | 2023 |
| autodesk | autocad_advance_steel | 2019 |
| autodesk | autocad | 2021 |
| autodesk | autocad_civil_3d | 2023 |
| autodesk | autocad_advance_steel | 2023 |
| autodesk | autocad_advance_steel | 2021 |
| autodesk | autocad | 2020 |
| autodesk | autocad | 2019 |
| autodesk | autocad_map_3d | 2019 |
| autodesk | autocad_advance_steel | 2022 |
| autodesk | autocad_plant_3d | 2023 |
| autodesk | autocad_lt | 2022 |
| autodesk | autocad_mechanical | 2021 |
| autodesk | autocad_lt | 2023 |
| autodesk | autocad_lt | 2019 |
| autodesk | autocad_electrical | 2020 |
| autodesk | autocad_architecture | 2022 |
| autodesk | autocad_map_3d | 2022 |
| autodesk | autocad_architecture | 2020 |
| autodesk | autocad_electrical | 2021 |
| autodesk | autocad_mechanical | 2022 |
| autodesk | autocad_mep | 2022 |
| autodesk | autocad_advance_steel | 2020 |
| autodesk | autocad_lt | 2021 |
| autodesk | autocad_civil_3d | 2019 |
| autodesk | autocad_civil_3d | 2020 |
| autodesk | autocad | 2022 |
| autodesk | autocad_mep | 2020 |
| autodesk | autocad_lt | 2020 |
| autodesk | autocad_architecture | 2019 |
| autodesk | autocad_plant_3d | 2022 |
| autodesk | autocad_mechanical | 2020 |
| autodesk | autocad_electrical | 2019 |
| autodesk | autocad_architecture | 2023 |
| autodesk | autocad_mechanical | 2023 |
| autodesk | autocad | 2023 |
| autodesk | autocad_electrical | 2023 |
| autodesk | design_review | 2018 |
A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_mep | 2019 |
| autodesk | autocad_plant_3d | 2020 |
| autodesk | autocad_mep | 2021 |
| autodesk | autocad_plant_3d | 2019 |
| autodesk | autocad_civil_3d | 2022 |
| autodesk | autocad_plant_3d | 2021 |
| autodesk | autocad_map_3d | 2020 |
| autodesk | autocad_civil_3d | 2021 |
| autodesk | autocad_mechanical | 2019 |
| autodesk | autocad_architecture | 2021 |
| autodesk | autocad_map_3d | 2021 |
| autodesk | autocad_map_3d | 2023 |
| autodesk | autocad_electrical | 2022 |
| autodesk | autocad_mep | 2023 |
| autodesk | autocad_advance_steel | 2019 |
| autodesk | autocad | 2021 |
| autodesk | autocad_civil_3d | 2023 |
| autodesk | autocad_advance_steel | 2023 |
| autodesk | autocad_advance_steel | 2021 |
| autodesk | autocad | 2020 |
| autodesk | autocad | 2019 |
| autodesk | autocad_map_3d | 2019 |
| autodesk | autocad_advance_steel | 2022 |
| autodesk | autocad_plant_3d | 2023 |
| autodesk | autocad_lt | 2022 |
| autodesk | autocad_mechanical | 2021 |
| autodesk | autocad_lt | 2023 |
| autodesk | autocad_lt | 2019 |
| autodesk | autocad_electrical | 2020 |
| autodesk | autocad_architecture | 2022 |
| autodesk | autocad_map_3d | 2022 |
| autodesk | autocad_architecture | 2020 |
| autodesk | autocad_electrical | 2021 |
| autodesk | autocad_mechanical | 2022 |
| autodesk | autocad_mep | 2022 |
| autodesk | autocad_advance_steel | 2020 |
| autodesk | autocad_lt | 2021 |
| autodesk | autocad_civil_3d | 2019 |
| autodesk | autocad_civil_3d | 2020 |
| autodesk | autocad | 2022 |
| autodesk | autocad_mep | 2020 |
| autodesk | autocad_lt | 2020 |
| autodesk | autocad_architecture | 2019 |
| autodesk | autocad_plant_3d | 2022 |
| autodesk | autocad_mechanical | 2020 |
| autodesk | autocad_electrical | 2019 |
| autodesk | autocad_architecture | 2023 |
| autodesk | autocad_mechanical | 2023 |
| autodesk | autocad | 2023 |
| autodesk | autocad_electrical | 2023 |
| autodesk | design_review | 2018 |
A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_mep | 2019 |
| autodesk | autocad_plant_3d | 2020 |
| autodesk | autocad_mep | 2021 |
| autodesk | autocad_plant_3d | 2019 |
| autodesk | autocad_civil_3d | 2022 |
| autodesk | autocad_plant_3d | 2021 |
| autodesk | autocad_map_3d | 2020 |
| autodesk | autocad_civil_3d | 2021 |
| autodesk | autocad_mechanical | 2019 |
| autodesk | autocad_architecture | 2021 |
| autodesk | autocad_map_3d | 2021 |
| autodesk | autocad_map_3d | 2023 |
| autodesk | autocad_electrical | 2022 |
| autodesk | autocad_mep | 2023 |
| autodesk | autocad_advance_steel | 2019 |
| autodesk | autocad | 2021 |
| autodesk | autocad_civil_3d | 2023 |
| autodesk | autocad_advance_steel | 2023 |
| autodesk | autocad_advance_steel | 2021 |
| autodesk | autocad | 2020 |
| autodesk | autocad | 2019 |
| autodesk | autocad_map_3d | 2019 |
| autodesk | autocad_advance_steel | 2022 |
| autodesk | autocad_plant_3d | 2023 |
| autodesk | autocad_lt | 2022 |
| autodesk | autocad_mechanical | 2021 |
| autodesk | autocad_lt | 2023 |
| autodesk | autocad_lt | 2019 |
| autodesk | autocad_electrical | 2020 |
| autodesk | autocad_architecture | 2022 |
| autodesk | autocad_map_3d | 2022 |
| autodesk | autocad_architecture | 2020 |
| autodesk | autocad_electrical | 2021 |
| autodesk | autocad_mechanical | 2022 |
| autodesk | autocad_mep | 2022 |
| autodesk | autocad_advance_steel | 2020 |
| autodesk | autocad_lt | 2021 |
| autodesk | autocad_civil_3d | 2019 |
| autodesk | autocad_civil_3d | 2020 |
| autodesk | autocad | 2022 |
| autodesk | autocad_mep | 2020 |
| autodesk | autocad_lt | 2020 |
| autodesk | autocad_architecture | 2019 |
| autodesk | autocad_plant_3d | 2022 |
| autodesk | autocad_mechanical | 2020 |
| autodesk | autocad_electrical | 2019 |
| autodesk | autocad_architecture | 2023 |
| autodesk | autocad_mechanical | 2023 |
| autodesk | autocad | 2023 |
| autodesk | autocad_electrical | 2023 |
| autodesk | design_review | 2018 |
A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_mep | 2019 |
| autodesk | autocad_plant_3d | 2020 |
| autodesk | autocad_mep | 2021 |
| autodesk | autocad_plant_3d | 2019 |
| autodesk | autocad_civil_3d | 2022 |
| autodesk | autocad_plant_3d | 2021 |
| autodesk | autocad_map_3d | 2020 |
| autodesk | autocad_civil_3d | 2021 |
| autodesk | autocad_mechanical | 2019 |
| autodesk | autocad_architecture | 2021 |
| autodesk | autocad_map_3d | 2021 |
| autodesk | autocad_map_3d | 2023 |
| autodesk | autocad_electrical | 2022 |
| autodesk | autocad_mep | 2023 |
| autodesk | autocad_advance_steel | 2019 |
| autodesk | autocad | 2021 |
| autodesk | autocad_civil_3d | 2023 |
| autodesk | autocad_advance_steel | 2023 |
| autodesk | autocad_advance_steel | 2021 |
| autodesk | autocad | 2020 |
| autodesk | autocad | 2019 |
| autodesk | autocad_map_3d | 2019 |
| autodesk | autocad_advance_steel | 2022 |
| autodesk | autocad_plant_3d | 2023 |
| autodesk | autocad_lt | 2022 |
| autodesk | autocad_mechanical | 2021 |
| autodesk | autocad_lt | 2023 |
| autodesk | autocad_lt | 2019 |
| autodesk | autocad_electrical | 2020 |
| autodesk | autocad_architecture | 2022 |
| autodesk | autocad_map_3d | 2022 |
| autodesk | autocad_architecture | 2020 |
| autodesk | autocad_electrical | 2021 |
| autodesk | autocad_mechanical | 2022 |
| autodesk | autocad_mep | 2022 |
| autodesk | autocad_advance_steel | 2020 |
| autodesk | autocad_lt | 2021 |
| autodesk | autocad_civil_3d | 2019 |
| autodesk | autocad_civil_3d | 2020 |
| autodesk | autocad | 2022 |
| autodesk | autocad_mep | 2020 |
| autodesk | autocad_lt | 2020 |
| autodesk | autocad_architecture | 2019 |
| autodesk | autocad_plant_3d | 2022 |
| autodesk | autocad_mechanical | 2020 |
| autodesk | autocad_electrical | 2019 |
| autodesk | autocad_architecture | 2023 |
| autodesk | autocad_mechanical | 2023 |
| autodesk | autocad | 2023 |
| autodesk | autocad_electrical | 2023 |
| autodesk | design_review | 2018 |
A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_mep | 2019 |
| autodesk | autocad_plant_3d | 2020 |
| autodesk | autocad_mep | 2021 |
| autodesk | autocad_plant_3d | 2019 |
| autodesk | autocad_civil_3d | 2022 |
| autodesk | autocad_plant_3d | 2021 |
| autodesk | autocad_map_3d | 2020 |
| autodesk | autocad_civil_3d | 2021 |
| autodesk | autocad_mechanical | 2019 |
| autodesk | autocad_architecture | 2021 |
| autodesk | autocad_map_3d | 2021 |
| autodesk | autocad_map_3d | 2023 |
| autodesk | autocad_electrical | 2022 |
| autodesk | autocad_mep | 2023 |
| autodesk | autocad_advance_steel | 2019 |
| autodesk | autocad | 2021 |
| autodesk | autocad_civil_3d | 2023 |
| autodesk | autocad_advance_steel | 2023 |
| autodesk | autocad_advance_steel | 2021 |
| autodesk | autocad | 2020 |
| autodesk | autocad | 2019 |
| autodesk | autocad_map_3d | 2019 |
| autodesk | autocad_advance_steel | 2022 |
| autodesk | autocad_plant_3d | 2023 |
| autodesk | autocad_lt | 2022 |
| autodesk | autocad_mechanical | 2021 |
| autodesk | autocad_lt | 2023 |
| autodesk | autocad_lt | 2019 |
| autodesk | autocad_electrical | 2020 |
| autodesk | autocad_architecture | 2022 |
| autodesk | autocad_map_3d | 2022 |
| autodesk | autocad_architecture | 2020 |
| autodesk | autocad_electrical | 2021 |
| autodesk | autocad_mechanical | 2022 |
| autodesk | autocad_mep | 2022 |
| autodesk | autocad_advance_steel | 2020 |
| autodesk | autocad_lt | 2021 |
| autodesk | autocad_civil_3d | 2019 |
| autodesk | autocad_civil_3d | 2020 |
| autodesk | autocad | 2022 |
| autodesk | autocad_mep | 2020 |
| autodesk | autocad_lt | 2020 |
| autodesk | autocad_architecture | 2019 |
| autodesk | autocad_plant_3d | 2022 |
| autodesk | autocad_mechanical | 2020 |
| autodesk | autocad_electrical | 2019 |
| autodesk | autocad_architecture | 2023 |
| autodesk | autocad_mechanical | 2023 |
| autodesk | autocad | 2023 |
| autodesk | autocad_electrical | 2023 |
| autodesk | design_review | 2018 |
A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_mep | 2019 |
| autodesk | autocad_plant_3d | 2020 |
| autodesk | autocad_mep | 2021 |
| autodesk | autocad_plant_3d | 2019 |
| autodesk | autocad_civil_3d | 2022 |
| autodesk | autocad_plant_3d | 2021 |
| autodesk | autocad_map_3d | 2020 |
| autodesk | autocad_civil_3d | 2021 |
| autodesk | autocad_mechanical | 2019 |
| autodesk | autocad_architecture | 2021 |
| autodesk | autocad_map_3d | 2021 |
| autodesk | autocad_map_3d | 2023 |
| autodesk | autocad_electrical | 2022 |
| autodesk | autocad_mep | 2023 |
| autodesk | autocad_advance_steel | 2019 |
| autodesk | autocad | 2021 |
| autodesk | autocad_civil_3d | 2023 |
| autodesk | autocad_advance_steel | 2023 |
| autodesk | autocad_advance_steel | 2021 |
| autodesk | autocad | 2020 |
| autodesk | autocad | 2019 |
| autodesk | autocad_map_3d | 2019 |
| autodesk | autocad_advance_steel | 2022 |
| autodesk | autocad_plant_3d | 2023 |
| autodesk | autocad_lt | 2022 |
| autodesk | autocad_mechanical | 2021 |
| autodesk | autocad_lt | 2023 |
| autodesk | autocad_lt | 2019 |
| autodesk | autocad_electrical | 2020 |
| autodesk | autocad_architecture | 2022 |
| autodesk | autocad_map_3d | 2022 |
| autodesk | autocad_architecture | 2020 |
| autodesk | autocad_electrical | 2021 |
| autodesk | autocad_mechanical | 2022 |
| autodesk | autocad_mep | 2022 |
| autodesk | autocad_advance_steel | 2020 |
| autodesk | autocad_lt | 2021 |
| autodesk | autocad_civil_3d | 2019 |
| autodesk | autocad_civil_3d | 2020 |
| autodesk | autocad | 2022 |
| autodesk | autocad_mep | 2020 |
| autodesk | autocad_lt | 2020 |
| autodesk | autocad_architecture | 2019 |
| autodesk | autocad_plant_3d | 2022 |
| autodesk | autocad_mechanical | 2020 |
| autodesk | autocad_electrical | 2019 |
| autodesk | autocad_architecture | 2023 |
| autodesk | autocad_mechanical | 2023 |
| autodesk | autocad | 2023 |
| autodesk | autocad_electrical | 2023 |
| autodesk | design_review | 2018 |
A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_mep | 2019 |
| autodesk | autocad_plant_3d | 2020 |
| autodesk | autocad_mep | 2021 |
| autodesk | autocad_plant_3d | 2019 |
| autodesk | autocad_civil_3d | 2022 |
| autodesk | autocad_plant_3d | 2021 |
| autodesk | autocad_map_3d | 2020 |
| autodesk | autocad_civil_3d | 2021 |
| autodesk | autocad_mechanical | 2019 |
| autodesk | autocad_architecture | 2021 |
| autodesk | autocad_map_3d | 2021 |
| autodesk | autocad_map_3d | 2023 |
| autodesk | autocad_electrical | 2022 |
| autodesk | autocad_mep | 2023 |
| autodesk | autocad_advance_steel | 2019 |
| autodesk | autocad | 2021 |
| autodesk | autocad_civil_3d | 2023 |
| autodesk | autocad_advance_steel | 2023 |
| autodesk | autocad_advance_steel | 2021 |
| autodesk | autocad | 2020 |
| autodesk | autocad | 2019 |
| autodesk | autocad_map_3d | 2019 |
| autodesk | autocad_advance_steel | 2022 |
| autodesk | autocad_plant_3d | 2023 |
| autodesk | autocad_lt | 2022 |
| autodesk | autocad_mechanical | 2021 |
| autodesk | autocad_lt | 2023 |
| autodesk | autocad_lt | 2019 |
| autodesk | autocad_electrical | 2020 |
| autodesk | autocad_architecture | 2022 |
| autodesk | autocad_map_3d | 2022 |
| autodesk | autocad_architecture | 2020 |
| autodesk | autocad_electrical | 2021 |
| autodesk | autocad_mechanical | 2022 |
| autodesk | autocad_mep | 2022 |
| autodesk | autocad_advance_steel | 2020 |
| autodesk | autocad_lt | 2021 |
| autodesk | autocad_civil_3d | 2019 |
| autodesk | autocad_civil_3d | 2020 |
| autodesk | autocad | 2022 |
| autodesk | autocad_mep | 2020 |
| autodesk | autocad_lt | 2020 |
| autodesk | autocad_architecture | 2019 |
| autodesk | autocad_plant_3d | 2022 |
| autodesk | autocad_mechanical | 2020 |
| autodesk | autocad_electrical | 2019 |
| autodesk | autocad_architecture | 2023 |
| autodesk | autocad_mechanical | 2023 |
| autodesk | autocad | 2023 |
| autodesk | autocad_electrical | 2023 |
| autodesk | design_review | 2018 |
A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_mep | 2019 |
| autodesk | autocad_plant_3d | 2020 |
| autodesk | autocad_mep | 2021 |
| autodesk | autocad_plant_3d | 2019 |
| autodesk | autocad_civil_3d | 2022 |
| autodesk | autocad_plant_3d | 2021 |
| autodesk | autocad_map_3d | 2020 |
| autodesk | autocad_civil_3d | 2021 |
| autodesk | autocad_mechanical | 2019 |
| autodesk | autocad_architecture | 2021 |
| autodesk | autocad_map_3d | 2021 |
| autodesk | autocad_map_3d | 2023 |
| autodesk | autocad_electrical | 2022 |
| autodesk | autocad_mep | 2023 |
| autodesk | autocad_advance_steel | 2019 |
| autodesk | autocad | 2021 |
| autodesk | autocad_civil_3d | 2023 |
| autodesk | autocad_advance_steel | 2023 |
| autodesk | autocad_advance_steel | 2021 |
| autodesk | autocad | 2020 |
| autodesk | autocad | 2019 |
| autodesk | autocad_map_3d | 2019 |
| autodesk | autocad_advance_steel | 2022 |
| autodesk | autocad_plant_3d | 2023 |
| autodesk | autocad_lt | 2022 |
| autodesk | autocad_mechanical | 2021 |
| autodesk | autocad_lt | 2023 |
| autodesk | autocad_lt | 2019 |
| autodesk | autocad_electrical | 2020 |
| autodesk | autocad_architecture | 2022 |
| autodesk | autocad_map_3d | 2022 |
| autodesk | autocad_architecture | 2020 |
| autodesk | autocad_electrical | 2021 |
| autodesk | autocad_mechanical | 2022 |
| autodesk | autocad_mep | 2022 |
| autodesk | autocad_advance_steel | 2020 |
| autodesk | autocad_lt | 2021 |
| autodesk | autocad_civil_3d | 2019 |
| autodesk | autocad_civil_3d | 2020 |
| autodesk | autocad | 2022 |
| autodesk | autocad_mep | 2020 |
| autodesk | autocad_lt | 2020 |
| autodesk | autocad_architecture | 2019 |
| autodesk | autocad_plant_3d | 2022 |
| autodesk | autocad_mechanical | 2020 |
| autodesk | autocad_electrical | 2019 |
| autodesk | autocad_architecture | 2023 |
| autodesk | autocad_mechanical | 2023 |
| autodesk | autocad | 2023 |
| autodesk | autocad_electrical | 2023 |
| autodesk | design_review | 2018 |
A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_mep | 2019 |
| autodesk | autocad_plant_3d | 2020 |
| autodesk | autocad_mep | 2021 |
| autodesk | autocad_plant_3d | 2019 |
| autodesk | autocad_civil_3d | 2022 |
| autodesk | autocad_plant_3d | 2021 |
| autodesk | autocad_map_3d | 2020 |
| autodesk | autocad_civil_3d | 2021 |
| autodesk | autocad_mechanical | 2019 |
| autodesk | autocad_architecture | 2021 |
| autodesk | autocad_map_3d | 2021 |
| autodesk | autocad_map_3d | 2023 |
| autodesk | autocad_electrical | 2022 |
| autodesk | autocad_mep | 2023 |
| autodesk | autocad_advance_steel | 2019 |
| autodesk | autocad | 2021 |
| autodesk | autocad_civil_3d | 2023 |
| autodesk | autocad_advance_steel | 2023 |
| autodesk | autocad_advance_steel | 2021 |
| autodesk | autocad | 2020 |
| autodesk | autocad | 2019 |
| autodesk | autocad_map_3d | 2019 |
| autodesk | autocad_advance_steel | 2022 |
| autodesk | autocad_plant_3d | 2023 |
| autodesk | autocad_lt | 2022 |
| autodesk | autocad_mechanical | 2021 |
| autodesk | autocad_lt | 2023 |
| autodesk | autocad_lt | 2019 |
| autodesk | autocad_electrical | 2020 |
| autodesk | autocad_architecture | 2022 |
| autodesk | autocad_map_3d | 2022 |
| autodesk | autocad_architecture | 2020 |
| autodesk | autocad_electrical | 2021 |
| autodesk | autocad_mechanical | 2022 |
| autodesk | autocad_mep | 2022 |
| autodesk | autocad_advance_steel | 2020 |
| autodesk | autocad_lt | 2021 |
| autodesk | autocad_civil_3d | 2019 |
| autodesk | autocad_civil_3d | 2020 |
| autodesk | autocad | 2022 |
| autodesk | autocad_mep | 2020 |
| autodesk | autocad_lt | 2020 |
| autodesk | autocad_architecture | 2019 |
| autodesk | autocad_plant_3d | 2022 |
| autodesk | autocad_mechanical | 2020 |
| autodesk | autocad_electrical | 2019 |
| autodesk | autocad_architecture | 2023 |
| autodesk | autocad_mechanical | 2023 |
| autodesk | autocad | 2023 |
| autodesk | autocad_electrical | 2023 |
| autodesk | design_review | 2018 |
A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_mep | 2019 |
| autodesk | autocad_plant_3d | 2020 |
| autodesk | autocad_mep | 2021 |
| autodesk | autocad_plant_3d | 2019 |
| autodesk | autocad_civil_3d | 2022 |
| autodesk | autocad_plant_3d | 2021 |
| autodesk | autocad_map_3d | 2020 |
| autodesk | autocad_civil_3d | 2021 |
| autodesk | autocad_mechanical | 2019 |
| autodesk | autocad_architecture | 2021 |
| autodesk | autocad_map_3d | 2021 |
| autodesk | autocad_map_3d | 2023 |
| autodesk | autocad_electrical | 2022 |
| autodesk | autocad_mep | 2023 |
| autodesk | autocad_advance_steel | 2019 |
| autodesk | autocad | 2021 |
| autodesk | autocad_civil_3d | 2023 |
| autodesk | autocad_advance_steel | 2023 |
| autodesk | autocad_advance_steel | 2021 |
| autodesk | autocad | 2020 |
| autodesk | autocad | 2019 |
| autodesk | autocad_map_3d | 2019 |
| autodesk | autocad_advance_steel | 2022 |
| autodesk | autocad_plant_3d | 2023 |
| autodesk | autocad_lt | 2022 |
| autodesk | autocad_mechanical | 2021 |
| autodesk | autocad_lt | 2023 |
| autodesk | autocad_lt | 2019 |
| autodesk | autocad_electrical | 2020 |
| autodesk | autocad_architecture | 2022 |
| autodesk | autocad_map_3d | 2022 |
| autodesk | autocad_architecture | 2020 |
| autodesk | autocad_electrical | 2021 |
| autodesk | autocad_mechanical | 2022 |
| autodesk | autocad_mep | 2022 |
| autodesk | autocad_advance_steel | 2020 |
| autodesk | autocad_lt | 2021 |
| autodesk | autocad_civil_3d | 2019 |
| autodesk | autocad_civil_3d | 2020 |
| autodesk | autocad | 2022 |
| autodesk | autocad_mep | 2020 |
| autodesk | autocad_lt | 2020 |
| autodesk | autocad_architecture | 2019 |
| autodesk | autocad_plant_3d | 2022 |
| autodesk | autocad_mechanical | 2020 |
| autodesk | autocad_electrical | 2019 |
| autodesk | autocad_architecture | 2023 |
| autodesk | autocad_mechanical | 2023 |
| autodesk | autocad | 2023 |
| autodesk | autocad_electrical | 2023 |
| autodesk | design_review | 2018 |
A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_mep | 2019 |
| autodesk | autocad_plant_3d | 2020 |
| autodesk | autocad_mep | 2021 |
| autodesk | autocad_plant_3d | 2019 |
| autodesk | autocad_civil_3d | 2022 |
| autodesk | autocad_plant_3d | 2021 |
| autodesk | autocad_map_3d | 2020 |
| autodesk | autocad_civil_3d | 2021 |
| autodesk | autocad_mechanical | 2019 |
| autodesk | autocad_architecture | 2021 |
| autodesk | autocad_map_3d | 2021 |
| autodesk | autocad_map_3d | 2023 |
| autodesk | autocad_electrical | 2022 |
| autodesk | autocad_mep | 2023 |
| autodesk | autocad_advance_steel | 2019 |
| autodesk | autocad | 2021 |
| autodesk | autocad_civil_3d | 2023 |
| autodesk | autocad_advance_steel | 2023 |
| autodesk | autocad_advance_steel | 2021 |
| autodesk | autocad | 2020 |
| autodesk | autocad | 2019 |
| autodesk | autocad_map_3d | 2019 |
| autodesk | autocad_advance_steel | 2022 |
| autodesk | autocad_plant_3d | 2023 |
| autodesk | autocad_lt | 2022 |
| autodesk | autocad_mechanical | 2021 |
| autodesk | autocad_lt | 2023 |
| autodesk | autocad_lt | 2019 |
| autodesk | autocad_electrical | 2020 |
| autodesk | autocad_architecture | 2022 |
| autodesk | autocad_map_3d | 2022 |
| autodesk | autocad_architecture | 2020 |
| autodesk | autocad_electrical | 2021 |
| autodesk | autocad_mechanical | 2022 |
| autodesk | autocad_mep | 2022 |
| autodesk | autocad_advance_steel | 2020 |
| autodesk | autocad_lt | 2021 |
| autodesk | autocad_civil_3d | 2019 |
| autodesk | autocad_civil_3d | 2020 |
| autodesk | autocad | 2022 |
| autodesk | autocad_mep | 2020 |
| autodesk | autocad_lt | 2020 |
| autodesk | autocad_architecture | 2019 |
| autodesk | autocad_plant_3d | 2022 |
| autodesk | autocad_mechanical | 2020 |
| autodesk | autocad_electrical | 2019 |
| autodesk | autocad_architecture | 2023 |
| autodesk | autocad_mechanical | 2023 |
| autodesk | autocad | 2023 |
| autodesk | autocad_electrical | 2023 |
| autodesk | design_review | 2018 |
DWG TrueViewTM 2023 version has a DLL Search Order Hijacking vulnerability. Successful exploitation by a malicious attacker could result in remote code execution on the target system.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | dwg_trueview | 2023 |
Parsing a maliciously crafted X_B and PRT file can force Autodesk Maya 2023 and 2022 to read beyond allocated buffer. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | maya | 2023 |
A maliciously crafted X_B file when parsed through Autodesk Maya 2023 and 2022 can be used to write beyond the allocated buffer. This vulnerability can lead to arbitrary code execution.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | maya | 2023 |
A maliciously crafted SKP file in Autodesk Navisworks 2023 and 2022 be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | navisworks | 2022 |
| autodesk | navisworks | 2023 |
A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | revit | 2022 |
| autodesk | navisworks | 2022 |
| autodesk | navisworks | 2023 |
| autodesk | 3ds_max | 2023 |
| autodesk | 3ds_max | 2022 |
| autodesk | revit | 2023 |
| autodesk | vred | 2023 |
A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Exploitation of this vulnerability may lead to code execution.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_advance_steel | * |
| autodesk | autocad_mechanical | * |
| autodesk | infraworks | * |
| autodesk | inventor | * |
| autodesk | autocad_electrical | * |
| autodesk | alias | * |
| autodesk | autocad_mep | * |
| autodesk | navisworks | * |
| autodesk | revit | * |
| autodesk | autocad_map_3d | * |
| autodesk | autocad_civil_3d | * |
| autodesk | autocad_lt | * |
| autodesk | maya_usd | * |
| autodesk | autocad_plant_3d | * |
| autodesk | vred | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities. Exploitation of these vulnerabilities may lead to code execution.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_advance_steel | * |
| autodesk | autocad_mechanical | * |
| autodesk | infraworks | * |
| autodesk | inventor | * |
| autodesk | autocad_electrical | * |
| autodesk | alias | * |
| autodesk | autocad_mep | * |
| autodesk | navisworks | * |
| autodesk | revit | * |
| autodesk | autocad_map_3d | * |
| autodesk | autocad_civil_3d | * |
| autodesk | autocad_lt | * |
| autodesk | maya_usd | * |
| autodesk | autocad_plant_3d | * |
| autodesk | vred | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted DLL file can be forced to read beyond allocated boundaries in Autodesk InfraWorks 2023, and 2021 when parsing the DLL files could lead to a resource injection vulnerability.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | infraworks | * |
| autodesk | infraworks | 2021.2 |
| autodesk | infraworks | 2023.1 |
A malicious actor may convince a user to open a malicious USD file that may trigger a use-after-free vulnerability which could result in code execution.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | 3ds_max_usd | * |
A malicious actor may convince a user to open a malicious USD file that may trigger an uninitialized pointer which could result in code execution.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | 3ds_max_usd | * |
A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds read vulnerability which could result in code execution.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | 3ds_max_usd | * |
A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds write vulnerability which could result in code execution.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | 3ds_max_usd | * |
A malicious actor may convince a victim to open a malicious USD file that may trigger an uninitialized variable which may result in code execution.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | maya_usd | * |
A malicious actor may convince a victim to open a malicious USD file that may trigger an out-of-bounds read vulnerability which may result in code execution.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | maya_usd | * |
A malicious actor may convince a victim to open a malicious USD file that may trigger an out-of-bounds write vulnerability which may result in code execution.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | maya_usd | * |
A maliciously crafted DLL file can be forced to write beyond allocated boundaries in the Autodesk installer when parsing the DLL files and could lead to a Privilege Escalation vulnerability.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | installer | * |
An Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK version 2020 or prior may lead to code execution through maliciously crafted FBX files or information disclosure.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | fbx_software_development_kit | * |
A user may be tricked into opening a malicious FBX file that may exploit a stack buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to code execution.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | fbx_software_development_kit | * |
A user may be tricked into opening a malicious FBX file that may exploit a heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to code execution.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | fbx_software_development_kit | * |
A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_advance_steel | * |
| autodesk | autocad_civil_3d | * |
| autodesk | autocad_lt | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can be used to cause an Integer Overflow. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data, or execute arbitrary code in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_advance_steel | * |
| autodesk | autocad_civil_3d | * |
| autodesk | autocad_lt | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can be used to write beyond the allocated buffer causing a Stack Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_advance_steel | * |
| autodesk | autocad_civil_3d | * |
| autodesk | autocad_lt | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_advance_steel | * |
| autodesk | autocad_civil_3d | * |
| autodesk | autocad_lt | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_advance_steel | * |
| autodesk | autocad_civil_3d | * |
| autodesk | autocad_lt | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities. These vulnerabilities in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_advance_steel | * |
| autodesk | autocad_mechanical | * |
| autodesk | infraworks | * |
| autodesk | inventor | * |
| autodesk | autocad_electrical | * |
| autodesk | alias | * |
| autodesk | autocad_mep | * |
| autodesk | navisworks | * |
| autodesk | revit | * |
| autodesk | autocad_map_3d | * |
| autodesk | autocad_civil_3d | * |
| autodesk | autocad_lt | * |
| autodesk | maya_usd | * |
| autodesk | autocad_plant_3d | * |
| autodesk | vred | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted DLL file can be forced to install onto a non-default location, and attacker can overwrite parts of the product with malicious DLLs. These files may then have elevated privileges leading to a Privilege Escalation vulnerability.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | desktop_connector | * |
A maliciously crafted MODEL file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_advance_steel | * |
| autodesk | autocad_civil_3d | * |
| autodesk | autocad_lt | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause an Out-Of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_advance_steel | * |
| autodesk | autocad_civil_3d | * |
| autodesk | autocad_lt | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted PRT file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause an Out-Of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_advance_steel | * |
| autodesk | autocad_civil_3d | * |
| autodesk | autocad_lt | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted MODEL, SLDASM, SAT or CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 could cause memory corruption vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_advance_steel | * |
| autodesk | autocad_civil_3d | * |
| autodesk | autocad_lt | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted STP file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_advance_steel | * |
| autodesk | autocad_civil_3d | * |
| autodesk | autocad_lt | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted PRT file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_advance_steel | * |
| autodesk | autocad_civil_3d | * |
| autodesk | autocad_lt | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
Autodesk users who no longer have an active license for an account can still access cases for that account.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | customer_portal | - |
Autodesk Customer Support Portal allows cases created by users under an account to see cases created by other users on the same account.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | customer_portal | - |
A maliciously crafted FBX file, when parsed through Autodesk FBX SDK, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | fbx_software_development_kit | * |
A maliciously crafted STP, CATPART or MODEL file, when parsed in ASMKERN228A.dll and ASMdatax229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash or could lead to an arbitrary memory leak.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 5.3 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L | 1.8 | 3.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | revit | * |
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | navisworks | * |
A maliciously crafted DLL file, when placed in the same directory as an RVT file could be loaded by Autodesk Revit, and execute arbitrary code in the context of the current process due to an untrusted search patch being utilized.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | revit | * |
A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | revit | * |
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | navisworks | * |
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | navisworks | * |
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | navisworks | * |
A maliciously crafted DWF file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | navisworks | * |
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | navisworks | * |
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | navisworks | * |
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | navisworks | * |
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | navisworks | * |
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | navisworks | * |
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | navisworks | * |
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | navisworks | * |
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | navisworks | * |
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | navisworks | * |
A maliciously crafted STP and STEP file, when parsed in ASMIMPORT228A.dll and ASMIMPORT229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted MODEL file, when parsed in libodxdll.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted STP file, when parsed in ASMIMPORT228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted SLDPRT file when parsed ODXSW_DLL.dll through Autodesk applications can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted CATPART file when parsed CC5Dll.dll through Autodesk applications can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted MODEL, SLDPRT, or SLDASM file, when parsed in ODXSW_DLL.dll and libodxdll.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted MODEL file, when parsed in libodxdll.dll and ASMDATAX229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted MODEL 3DM, STP, or SLDASM file, when in opennurbs.dll parsed through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted STP file, when parsed in ASMIMPORT229A.dll, ASMKERN228A.dll, ASMkern229A.dll or ASMDATAX228A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted STP file in ASMDATAX228A.dll when parsed through Autodesk applications can lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted IGS file in tbb.dll when parsed through Autodesk AutoCAD can be used in user-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted SLDPRT file in ASMkern228A.dll when parsed through Autodesk applications can be used in user-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted STP file in ASMKERN228A.dll when parsed through Autodesk applications can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted DWG file when parsed through Autodesk DWG TrueView can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_lt | * |
| autodesk | autocad_mechanical | * |
| autodesk | dwg_trueview | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted 3DM and MODEL file, when parsed in opennurbs.dll and atf_api.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted MODEL file, when parsed in libodxdll through Autodesk applications, can cause a double free. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted CATPART, STP, and MODEL file, when parsed in atf_dwg_consumer.dll, rose_x64_vc15.dll and libodxdll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted 3DM, MODEL and X_B file, when parsed in ASMkern229A.dll and ASMBASE229A.dll through Autodesk applications, can force an Out-of-Bound Read and/or Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted PRT file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted CATPART, X_B and STEP, when parsed in ASMKERN228A.dll and ASMKERN229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted SLDDRW file, when parsed in ODXSW_DLL.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted PRT file, when parsed in odxug_dll.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted 3DM file, when parsed in ASMkern229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted MODEL file, when parsed in libodx.dll through Autodesk applications, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted MODEL file, when parsed in atf_asm_interface.dll through Autodesk applications, can be used to cause a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted 3DM file, when parsed in opennurbs.dll and ASMkern229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted SLDASM or SLDPRT file, when parsed in ODXSW_DLL.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted IGES file, when parsed in ASMImport229A.dll through Autodesk applications, can be used to cause a use-after-free vulnerability. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted STP file, when parsed in stp_aim_x64_vc15d.dll through Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted X_B file, when parsed in pskernel.DLL through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted MODEL file, when parsed in ASMkern229A.dllthrough Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted DWG and SLDPRT file, when parsed in opennurbs.dll and ODXSW_DLL.dll through Autodesk applications, can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted SLDPRT file, when parsed in ASMKERN229A.dll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted X_B file, when parsed in pskernel.DLL through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash,read sensitive data, or execute arbitrary code in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted CATPRODUCT file, when parsed in CC5Dll.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the context of the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted DWF file, when parsed in AdDwfPdk.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_lt | * |
| autodesk | autocad_mechanical | * |
| autodesk | dwg_trueview | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | navisworks | 2025.2 |
| autodesk | navisworks | 2025.1 |
| autodesk | navisworks | 2025 |
A maliciously crafted DWFX file, when parsed in dwfcore.dll through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | navisworks | 2025.2 |
| autodesk | navisworks | 2025.1 |
| autodesk | navisworks | 2025 |
A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | navisworks | 2025.2 |
| autodesk | navisworks | 2025.1 |
| autodesk | navisworks | 2025 |
A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | navisworks | 2025.2 |
| autodesk | navisworks | 2025.1 |
| autodesk | navisworks | 2025 |
A maliciously crafted DWFX file, when parsed in dwfcore.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | navisworks | 2025.2 |
| autodesk | navisworks | 2025.1 |
| autodesk | navisworks | 2025 |
A maliciously crafted DWF file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Use-After-Free. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | navisworks | 2025.2 |
| autodesk | navisworks | 2025.1 |
| autodesk | navisworks | 2025 |
A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_advance_steel | * |
| autodesk | autocad_civil_3d | * |
| autodesk | autocad_lt | * |
| autodesk | autocad_mechanical | * |
| autodesk | dwg_trueview | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, can force a Stack-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_advance_steel | * |
| autodesk | autocad_civil_3d | * |
| autodesk | autocad_lt | * |
| autodesk | autocad_mechanical | * |
| autodesk | dwg_trueview | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted PDF file, when parsed through Autodesk Revit, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | revit | * |
A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Stack-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | revit | * |
A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the VRED Design application. Exploitation of this vulnerability may lead to code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | vred | * |
A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Heap Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_plant_3d | 2025 |
| autodesk | advance_steel | 2025 |
| autodesk | autocad_electrical | 2025 |
| autodesk | autocad | 2025 |
| autodesk | autocad_mechanical | 2025 |
| autodesk | autocad_mep | 2025 |
| autodesk | civil_3d | 2025 |
| autodesk | autocad_architecture | 2025 |
A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_advance_steel | * |
| autodesk | autocad_civil_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_advance_steel | * |
| autodesk | autocad_civil_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted 3DM file when parsed in atf_api.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_advance_steel | * |
| autodesk | autocad_civil_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted 3DM file when parsed in AcTranslators.exe through Autodesk AutoCAD can force a Heap-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_advance_steel | * |
| autodesk | autocad_civil_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted CATPART file when parsed in AcTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_advance_steel | * |
| autodesk | autocad_civil_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted CATPART file, when parsed in ASMKERN230A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_advance_steel | * |
| autodesk | autocad_civil_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_advance_steel | * |
| autodesk | autocad_civil_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_advance_steel | * |
| autodesk | autocad_civil_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted MODEL file, when parsed in libodxdll.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_advance_steel | * |
| autodesk | autocad_civil_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted STP file when parsed in ASMDATAX230A.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_advance_steel | * |
| autodesk | autocad_civil_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted STP file when parsed in ACTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_advance_steel | * |
| autodesk | autocad_civil_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted STP file when parsed in ACTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_advance_steel | * |
| autodesk | autocad_civil_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_advance_steel | * |
| autodesk | autocad_civil_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted DXF file when parsed in acdb25.dll through Autodesk AutoCAD can force to access a variable prior to initialization. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_advance_steel | * |
| autodesk | autocad_civil_3d | * |
| autodesk | autocad_lt | * |
| autodesk | autocad_mechanical | * |
| autodesk | dwg_trueview | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted DWG file when parsed in ACAD.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_advance_steel | * |
| autodesk | autocad_civil_3d | * |
| autodesk | autocad_lt | * |
| autodesk | autocad_mechanical | * |
| autodesk | dwg_trueview | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted DLL file when placed in temporary files and folders that are leveraged by the Autodesk Installer could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to insecure privilege management.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.2 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N | 0.8 | 5.8 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | installer | * |
A maliciously crafted 3DM file when parsed in atf_api.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_advance_steel | * |
| autodesk | autocad_civil_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted CATPART file when parsed in CC5Dll.dll through Autodesk AutoCAD can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_advance_steel | * |
| autodesk | autocad_civil_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted DWG file, when parsed in acdb25.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_advance_steel | * |
| autodesk | autocad_civil_3d | * |
| autodesk | autocad_lt | * |
| autodesk | autocad_mechanical | * |
| autodesk | dwg_trueview | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_advance_steel | * |
| autodesk | autocad_civil_3d | * |
| autodesk | autocad_lt | * |
| autodesk | autocad_mechanical | * |
| autodesk | dwg_trueview | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted HTML payload, when rendered by the Autodesk Fusion desktop application, can trigger a Stored Cross-site Scripting (XSS) vulnerability. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 8.7 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N | 2.3 | 5.8 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | fusion | * |
A maliciously crafted CATPRODUCT file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | shared_components | * |
AA maliciously crafted X_T file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | shared_components | * |
A maliciously crafted CATPRODUCT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | shared_components | * |
AA maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | shared_components | * |
A maliciously crafted file, when executed on the victim's machine, can lead to privilege escalation to NT AUTHORITY/SYSTEM due to an insufficient validation of loaded binaries. An attacker with local and low-privilege access could exploit this to execute code as SYSTEM.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | installer | * |
A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | shared_components | * |
A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | shared_components | * |
AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | shared_components | * |
A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | shared_components | * |
AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | shared_components | * |
AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | shared_components | * |
AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | shared_components | * |
A maliciously crafted JPG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | 3ds_max | * |
A maliciously crafted DWG file, when parsed through Autodesk 3ds Max, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | 3ds_max | * |
A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | revit | * |
A maliciously crafted RCS file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | revit | * |
A maliciously crafted JPG file, when linked or imported into certain Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_mechanical | * |
| autodesk | dwg_trueview | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | advance_steel | * |
| autodesk | revit | * |
| autodesk | autocad_map_3d | * |
| autodesk | autocad_lt | * |
| autodesk | autocad_plant_3d | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | autocad_architecture | * |
A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | navisworks_manage | * |
| autodesk | autocad_mechanical | * |
| autodesk | dwg_trueview | * |
| autodesk | inventor | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | advance_steel | * |
| autodesk | revit | * |
| autodesk | autocad_map_3d | * |
| autodesk | infrastructure_parts_editor | * |
| autodesk | autocad_lt | * |
| autodesk | vault | * |
| autodesk | autocad_plant_3d | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | navisworks_simulate | * |
| autodesk | autocad_architecture | * |
A maliciously crafted PDF file, when parsed through Autodesk applications, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | revit | * |
A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted CATPART file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCAD, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted SLDPRT file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted 3DM file, when parsed through Autodesk AutoCAD, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | shared_components | * |
A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted CATPRODUCT file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | revit | * |
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | navisworks | * |
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | navisworks | * |
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | navisworks | * |
A maliciously crafted DWG file, when parsed through Autodesk Revit, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | revit | * |
A maliciously crafted .usdc file, when loaded through Autodesk Maya, can force an uncontrolled memory allocation vulnerability. A malicious actor may leverage this vulnerability to cause a denial-of-service (DoS), or cause data corruption.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H | 0.8 | 4.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | universal_scene_description | 0.31.0 |
| autodesk | universal_scene_description | 0.10 |
| autodesk | maya | * |
A maliciously crafted RFA file, when linked or imported into Autodesk Revit, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | revit | * |
A maliciously crafted RFA, RTE, or RVT file, when parsed through Autodesk Revit, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | revit | * |
A maliciously crafted X_T file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | shared_components | 2026.2 |
A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | infrastructure_parts_editor | * |
| autodesk | navisworks_manage | * |
| autodesk | vault | * |
| autodesk | inventor | * |
| autodesk | navisworks_simulate | * |
| autodesk | revit | * |
A maliciously crafted RTE file, when parsed through Autodesk Revit, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | revit | * |
A maliciously crafted RFA file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | revit | * |
A maliciously crafted 3DM file, when linked or imported into certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | shared_components | 2026.2 |
A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | civil_3d | 2026 |
| autodesk | autocad | 2026 |
| autodesk | autocad_electrical | 2026 |
| autodesk | advance_steel | 2026 |
| autodesk | autocad_lt | 2026 |
| autodesk | autocad_architecture | 2026 |
| autodesk | autocad_mep | 2026 |
| autodesk | autocad_plant_3d | 2026 |
| autodesk | autocad_map_3d | 2026 |
| autodesk | autocad_mechanical | 2026 |
A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | civil_3d | 2026 |
| autodesk | autocad | 2026 |
| autodesk | autocad_electrical | 2026 |
| autodesk | advance_steel | 2026 |
| autodesk | autocad_lt | 2026 |
| autodesk | autocad_architecture | 2026 |
| autodesk | autocad_mep | 2026 |
| autodesk | autocad_plant_3d | 2026 |
| autodesk | autocad_map_3d | 2026 |
| autodesk | autocad_mechanical | 2026 |
A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | civil_3d | 2026 |
| autodesk | autocad | 2026 |
| autodesk | autocad_electrical | 2026 |
| autodesk | advance_steel | 2026 |
| autodesk | autocad_lt | 2026 |
| autodesk | autocad_architecture | 2026 |
| autodesk | autocad_mep | 2026 |
| autodesk | autocad_plant_3d | 2026 |
| autodesk | autocad_map_3d | 2026 |
| autodesk | autocad_mechanical | 2026 |
A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the Autodesk Installer application. Exploitation of this vulnerability may lead to code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | installer | * |
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | shared_components | 2026.2 |
A maliciously crafted PSD file, when linked or imported into Autodesk 3ds Max, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 5.3 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L | 1.8 | 3.4 |
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | 3ds_max | * |
A maliciously crafted RBG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | 3ds_max | * |
A maliciously crafted TGA file, when linked or imported into Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | 3ds_max | * |
A maliciously crafted PRT file, when linked or imported into certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | shared_components | 2026.2 |
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | shared_components | 2026.2 |
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | shared_components | 2026.2 |
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | shared_components | 2026.2 |
A maliciously crafted 3DM file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | shared_components | 2026.2 |
A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Type Confusion vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | revit | * |
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | shared_components | 2026.3 |
A maliciously crafted PDF file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_lt | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
| autodesk | revit | * |
A maliciously crafted PDF file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | autocad_map_3d | * |
| autodesk | autocad_lt | * |
| autodesk | autocad_mechanical | * |
| autodesk | autocad_plant_3d | * |
| autodesk | autocad_electrical | * |
| autodesk | autocad_mep | * |
| autodesk | civil_3d | * |
| autodesk | autocad | * |
| autodesk | advance_steel | * |
| autodesk | autocad_architecture | * |
| autodesk | revit | * |
A maliciously crafted SLDPRT file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | shared_components | * |
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | shared_components | * |
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | shared_components | * |
A maliciously crafted CATPRODUCT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | shared_components | * |
A maliciously crafted SLDPRT file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | shared_components | * |
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | shared_components | * |
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | shared_components | 2026.3 |
A maliciously crafted SLDPRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | shared_components | * |
A maliciously crafted SLDPRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | shared_components | * |
A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N | 1.8 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | fusion | * |
A maliciously crafted HTML payload, stored in a part’s attribute and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N | 1.8 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | fusion | * |
A maliciously crafted HTML payload, stored in a component’s description and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N | 1.8 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | fusion | * |
A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | 3ds_max | * |
A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | 3ds_max | * |
A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | 3ds_max | * |
A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | 3ds_max | * |
A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | 3ds_max | * |
A maliciously crafted project directory, when opening a max file in Autodesk 3ds Max, could lead to execution of arbitrary code in the context of the current process due to an Untrusted Search Path being utilized.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | 3ds_max | * |
A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | shared_components | * |
A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| psirt@autodesk.com | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| autodesk | shared_components | * |