Search
Find a vulnerability
Search criteria
14 vulnerabilities found for infrastructure_parts_editor by autodesk
CVE-2025-5039 (GCVE-0-2025-5039)
Vulnerability from nvd – Published: 2025-07-24 17:11 – Updated: 2026-05-28 19:50
VLAI
Title
Privilege Ecalation due to Untrusted Search Path Vulnerability
Summary
A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-426 - Untrusted Search Path
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.autodesk.com/products/autodesk-access… | patch |
| https://www.autodesk.com/trust/security-advisorie… | vendor-advisory |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Autodesk | AutoCAD |
Affected:
2026 , < 2026.1
(custom)
cpe:2.3:a:autodesk:autocad:2026:*:*:*:*:*:*:* |
|
| Autodesk | AutoCAD LT |
Affected:
2026 , < 2026.1
(custom)
cpe:2.3:a:autodesk:autocad_lt:2026:*:*:*:*:*:*:* |
|
| Autodesk | RealDWG |
Affected:
2026 , < 2026.0.2
(custom)
cpe:2.3:a:autodesk:realdwg:2026:*:*:*:*:*:*:* |
|
| Autodesk | 3ds Max |
Affected:
2027 , < 2027.1
(custom)
Affected: 2026 , < 2026.3.3 (custom) cpe:2.3:a:autodesk:3ds_max:2027:*:*:*:*:*:*:* cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5039",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-25T03:55:31.845753Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:50:15.076Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:autocad:2026:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.1",
"status": "affected",
"version": "2026",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_lt:2026:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD LT",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.1",
"status": "affected",
"version": "2026",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:realdwg:2026:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "RealDWG",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.0.2",
"status": "affected",
"version": "2026",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:3ds_max:2027:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "3ds Max",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2027.1",
"status": "affected",
"version": "2027",
"versionType": "custom"
},
{
"lessThan": "2026.3.3",
"status": "affected",
"version": "2026",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized.\u003cbr\u003e"
}
],
"value": "A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized."
}
],
"impacts": [
{
"capecId": "CAPEC-38",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T19:50:20.274Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0014"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Privilege Ecalation due to Untrusted Search Path Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-5039",
"datePublished": "2025-07-24T17:11:14.714Z",
"dateReserved": "2025-05-21T13:00:59.147Z",
"dateUpdated": "2026-05-28T19:50:20.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1276 (GCVE-0-2025-1276)
Vulnerability from nvd – Published: 2025-04-15 20:55 – Updated: 2026-02-26 18:28
VLAI
Title
DWG File Parsing Out-of-Bounds Write Vulnerability
Summary
A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-Bounds Write
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.autodesk.com/products/autodesk-access… | patch |
| https://www.autodesk.com/products/dwg-trueview/overview | patch |
| https://www.autodesk.com/trust/security-advisorie… | vendor-advisory |
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| Autodesk | AutoCAD |
Affected:
2025 , < 2025.1.2
(custom)
Affected: 2024 , < 2024.1.7 (custom) Affected: 2023 , < 2023.1.7 (custom) cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:* |
|
| Autodesk | AutoCAD Architecture |
Affected:
2025 , < 2025.1.2
(custom)
Affected: 2024 , < 2024.1.7 (custom) Affected: 2023 , < 2023.1.7 (custom) cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:* |
|
| Autodesk | AutoCAD Electrical |
Affected:
2025 , < 2025.1.2
(custom)
Affected: 2024 , < 2024.1.7 (custom) Affected: 2023 , < 2023.1.7 (custom) cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:* |
|
| Autodesk | AutoCAD MAP 3D |
Affected:
2025 , < 2025.1.2
(custom)
Affected: 2024 , < 2024.1.7 (custom) Affected: 2023 , < 2023.1.7 (custom) cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:* |
|
| Autodesk | AutoCAD Mechanical |
Affected:
2025 , < 2025.1.2
(custom)
Affected: 2024 , < 2024.1.7 (custom) Affected: 2023 , < 2023.1.7 (custom) cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:* |
|
| Autodesk | AutoCAD MEP |
Affected:
2025 , < 2025.1.2
(custom)
Affected: 2024 , < 2024.1.7 (custom) Affected: 2023 , < 2023.1.7 (custom) cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:* |
|
| Autodesk | AutoCAD Plant 3D |
Affected:
2025 , < 2025.1.2
(custom)
Affected: 2024 , < 2024.1.7 (custom) Affected: 2023 , < 2023.1.7 (custom) cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:* |
|
| Autodesk | Advance Steel |
Affected:
2025 , < 2025.1.2
(custom)
Affected: 2024 , < 2024.1.7 (custom) Affected: 2023 , < 2023.1.7 (custom) cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:* |
|
| Autodesk | AutoCAD LT |
Affected:
2025 , < 2025.1.2
(custom)
Affected: 2024 , < 2024.1.7 (custom) Affected: 2023 , < 2023.1.7 (custom) cpe:2.3:a:autodesk:autocad_lt:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_lt:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_lt:2023:*:*:*:*:*:*:* |
|
| Autodesk | RealDWG |
Affected:
2025 , < 2025.1.2
(custom)
Affected: 2024 , < 2024.1.7 (custom) cpe:2.3:a:autodesk:realdwg:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:realdwg:2024:*:*:*:*:*:*:* |
|
| Autodesk | DWG TrueView |
Affected:
2025 , < 2025.1.2
(custom)
Affected: 2024 , < 2024.1.7 (custom) Affected: 2023 , < 2023.1.7 (custom) cpe:2.3:a:autodesk:dwg_trueview:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:dwg_trueview:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:dwg_trueview:2023:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1276",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T03:55:46.650494Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T18:28:17.781Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Architecture",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Electrical",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD MAP 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Mechanical",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD MEP",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Plant 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Advance Steel",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_lt:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_lt:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_lt:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD LT",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:realdwg:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:realdwg:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "RealDWG",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:dwg_trueview:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:dwg_trueview:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:dwg_trueview:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "DWG TrueView",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-Bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-07T20:54:16.150Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/dwg-trueview/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0004"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DWG File Parsing Out-of-Bounds Write Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-1276",
"datePublished": "2025-04-15T20:55:04.255Z",
"dateReserved": "2025-02-13T15:16:31.469Z",
"dateUpdated": "2026-02-26T18:28:17.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-40166 (GCVE-0-2021-40166)
Vulnerability from nvd – Published: 2022-10-07 00:00 – Updated: 2024-08-04 02:27
VLAI
Summary
A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code.
Severity
No CVSS data available.
CWE
- Use-After-Free
Assigner
References
1 reference
Impacted products
1 product
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022, 2021, 2020, 2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use-After-Free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00.000Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2021-40166",
"datePublished": "2022-10-07T00:00:00.000Z",
"dateReserved": "2021-08-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T02:27:31.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40165 (GCVE-0-2021-40165)
Vulnerability from nvd – Published: 2022-10-07 00:00 – Updated: 2024-08-04 02:27
VLAI
Summary
A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
Severity
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
1 reference
Impacted products
1 product
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.537Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022, 2021, 2020, 2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00.000Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2021-40165",
"datePublished": "2022-10-07T00:00:00.000Z",
"dateReserved": "2021-08-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T02:27:31.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40164 (GCVE-0-2021-40164)
Vulnerability from nvd – Published: 2022-10-07 00:00 – Updated: 2024-08-04 02:27
VLAI
Summary
A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
Severity
No CVSS data available.
CWE
- Heap-based Overflow
Assigner
References
1 reference
Impacted products
1 product
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022, 2021, 2020, 2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap-based Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00.000Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2021-40164",
"datePublished": "2022-10-07T00:00:00.000Z",
"dateReserved": "2021-08-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T02:27:31.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40163 (GCVE-0-2021-40163)
Vulnerability from nvd – Published: 2022-10-07 00:00 – Updated: 2024-08-04 02:27
VLAI
Summary
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component.
Severity
No CVSS data available.
CWE
- Memory Corruption
Assigner
References
1 reference
Impacted products
1 product
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.853Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022, 2021, 2020, 2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Memory Corruption",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00.000Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2021-40163",
"datePublished": "2022-10-07T00:00:00.000Z",
"dateReserved": "2021-08-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T02:27:31.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40162 (GCVE-0-2021-40162)
Vulnerability from nvd – Published: 2022-10-07 00:00 – Updated: 2024-08-04 02:27
VLAI
Summary
A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
Severity
No CVSS data available.
CWE
- Out-of-Band Read
Assigner
References
1 reference
Impacted products
1 product
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022, 2021, 2020, 2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-Band Read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00.000Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2021-40162",
"datePublished": "2022-10-07T00:00:00.000Z",
"dateReserved": "2021-08-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T02:27:31.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5039 (GCVE-0-2025-5039)
Vulnerability from cvelistv5 – Published: 2025-07-24 17:11 – Updated: 2026-05-28 19:50
VLAI
Title
Privilege Ecalation due to Untrusted Search Path Vulnerability
Summary
A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-426 - Untrusted Search Path
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.autodesk.com/products/autodesk-access… | patch |
| https://www.autodesk.com/trust/security-advisorie… | vendor-advisory |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Autodesk | AutoCAD |
Affected:
2026 , < 2026.1
(custom)
cpe:2.3:a:autodesk:autocad:2026:*:*:*:*:*:*:* |
|
| Autodesk | AutoCAD LT |
Affected:
2026 , < 2026.1
(custom)
cpe:2.3:a:autodesk:autocad_lt:2026:*:*:*:*:*:*:* |
|
| Autodesk | RealDWG |
Affected:
2026 , < 2026.0.2
(custom)
cpe:2.3:a:autodesk:realdwg:2026:*:*:*:*:*:*:* |
|
| Autodesk | 3ds Max |
Affected:
2027 , < 2027.1
(custom)
Affected: 2026 , < 2026.3.3 (custom) cpe:2.3:a:autodesk:3ds_max:2027:*:*:*:*:*:*:* cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5039",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-25T03:55:31.845753Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:50:15.076Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:autocad:2026:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.1",
"status": "affected",
"version": "2026",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_lt:2026:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD LT",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.1",
"status": "affected",
"version": "2026",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:realdwg:2026:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "RealDWG",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.0.2",
"status": "affected",
"version": "2026",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:3ds_max:2027:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "3ds Max",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2027.1",
"status": "affected",
"version": "2027",
"versionType": "custom"
},
{
"lessThan": "2026.3.3",
"status": "affected",
"version": "2026",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized.\u003cbr\u003e"
}
],
"value": "A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized."
}
],
"impacts": [
{
"capecId": "CAPEC-38",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T19:50:20.274Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0014"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Privilege Ecalation due to Untrusted Search Path Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-5039",
"datePublished": "2025-07-24T17:11:14.714Z",
"dateReserved": "2025-05-21T13:00:59.147Z",
"dateUpdated": "2026-05-28T19:50:20.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1276 (GCVE-0-2025-1276)
Vulnerability from cvelistv5 – Published: 2025-04-15 20:55 – Updated: 2026-02-26 18:28
VLAI
Title
DWG File Parsing Out-of-Bounds Write Vulnerability
Summary
A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-Bounds Write
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.autodesk.com/products/autodesk-access… | patch |
| https://www.autodesk.com/products/dwg-trueview/overview | patch |
| https://www.autodesk.com/trust/security-advisorie… | vendor-advisory |
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| Autodesk | AutoCAD |
Affected:
2025 , < 2025.1.2
(custom)
Affected: 2024 , < 2024.1.7 (custom) Affected: 2023 , < 2023.1.7 (custom) cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:* |
|
| Autodesk | AutoCAD Architecture |
Affected:
2025 , < 2025.1.2
(custom)
Affected: 2024 , < 2024.1.7 (custom) Affected: 2023 , < 2023.1.7 (custom) cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:* |
|
| Autodesk | AutoCAD Electrical |
Affected:
2025 , < 2025.1.2
(custom)
Affected: 2024 , < 2024.1.7 (custom) Affected: 2023 , < 2023.1.7 (custom) cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:* |
|
| Autodesk | AutoCAD MAP 3D |
Affected:
2025 , < 2025.1.2
(custom)
Affected: 2024 , < 2024.1.7 (custom) Affected: 2023 , < 2023.1.7 (custom) cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:* |
|
| Autodesk | AutoCAD Mechanical |
Affected:
2025 , < 2025.1.2
(custom)
Affected: 2024 , < 2024.1.7 (custom) Affected: 2023 , < 2023.1.7 (custom) cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:* |
|
| Autodesk | AutoCAD MEP |
Affected:
2025 , < 2025.1.2
(custom)
Affected: 2024 , < 2024.1.7 (custom) Affected: 2023 , < 2023.1.7 (custom) cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:* |
|
| Autodesk | AutoCAD Plant 3D |
Affected:
2025 , < 2025.1.2
(custom)
Affected: 2024 , < 2024.1.7 (custom) Affected: 2023 , < 2023.1.7 (custom) cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:* |
|
| Autodesk | Advance Steel |
Affected:
2025 , < 2025.1.2
(custom)
Affected: 2024 , < 2024.1.7 (custom) Affected: 2023 , < 2023.1.7 (custom) cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:* |
|
| Autodesk | AutoCAD LT |
Affected:
2025 , < 2025.1.2
(custom)
Affected: 2024 , < 2024.1.7 (custom) Affected: 2023 , < 2023.1.7 (custom) cpe:2.3:a:autodesk:autocad_lt:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_lt:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad_lt:2023:*:*:*:*:*:*:* |
|
| Autodesk | RealDWG |
Affected:
2025 , < 2025.1.2
(custom)
Affected: 2024 , < 2024.1.7 (custom) cpe:2.3:a:autodesk:realdwg:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:realdwg:2024:*:*:*:*:*:*:* |
|
| Autodesk | DWG TrueView |
Affected:
2025 , < 2025.1.2
(custom)
Affected: 2024 , < 2024.1.7 (custom) Affected: 2023 , < 2023.1.7 (custom) cpe:2.3:a:autodesk:dwg_trueview:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:dwg_trueview:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:dwg_trueview:2023:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1276",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T03:55:46.650494Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T18:28:17.781Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Architecture",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Electrical",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD MAP 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Mechanical",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD MEP",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Plant 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Advance Steel",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_lt:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_lt:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_lt:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD LT",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:realdwg:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:realdwg:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "RealDWG",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:dwg_trueview:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:dwg_trueview:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:dwg_trueview:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "DWG TrueView",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-Bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-07T20:54:16.150Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/dwg-trueview/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0004"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DWG File Parsing Out-of-Bounds Write Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-1276",
"datePublished": "2025-04-15T20:55:04.255Z",
"dateReserved": "2025-02-13T15:16:31.469Z",
"dateUpdated": "2026-02-26T18:28:17.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-40166 (GCVE-0-2021-40166)
Vulnerability from cvelistv5 – Published: 2022-10-07 00:00 – Updated: 2024-08-04 02:27
VLAI
Summary
A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code.
Severity
No CVSS data available.
CWE
- Use-After-Free
Assigner
References
1 reference
Impacted products
1 product
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022, 2021, 2020, 2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use-After-Free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00.000Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2021-40166",
"datePublished": "2022-10-07T00:00:00.000Z",
"dateReserved": "2021-08-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T02:27:31.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40162 (GCVE-0-2021-40162)
Vulnerability from cvelistv5 – Published: 2022-10-07 00:00 – Updated: 2024-08-04 02:27
VLAI
Summary
A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
Severity
No CVSS data available.
CWE
- Out-of-Band Read
Assigner
References
1 reference
Impacted products
1 product
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022, 2021, 2020, 2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-Band Read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00.000Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2021-40162",
"datePublished": "2022-10-07T00:00:00.000Z",
"dateReserved": "2021-08-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T02:27:31.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40165 (GCVE-0-2021-40165)
Vulnerability from cvelistv5 – Published: 2022-10-07 00:00 – Updated: 2024-08-04 02:27
VLAI
Summary
A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
Severity
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
1 reference
Impacted products
1 product
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.537Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022, 2021, 2020, 2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00.000Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2021-40165",
"datePublished": "2022-10-07T00:00:00.000Z",
"dateReserved": "2021-08-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T02:27:31.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40164 (GCVE-0-2021-40164)
Vulnerability from cvelistv5 – Published: 2022-10-07 00:00 – Updated: 2024-08-04 02:27
VLAI
Summary
A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
Severity
No CVSS data available.
CWE
- Heap-based Overflow
Assigner
References
1 reference
Impacted products
1 product
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022, 2021, 2020, 2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap-based Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00.000Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2021-40164",
"datePublished": "2022-10-07T00:00:00.000Z",
"dateReserved": "2021-08-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T02:27:31.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40163 (GCVE-0-2021-40163)
Vulnerability from cvelistv5 – Published: 2022-10-07 00:00 – Updated: 2024-08-04 02:27
VLAI
Summary
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component.
Severity
No CVSS data available.
CWE
- Memory Corruption
Assigner
References
1 reference
Impacted products
1 product
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.853Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022, 2021, 2020, 2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Memory Corruption",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00.000Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2021-40163",
"datePublished": "2022-10-07T00:00:00.000Z",
"dateReserved": "2021-08-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T02:27:31.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}