Search criteria
28 vulnerabilities found for inventor by autodesk
CVE-2025-5039 (GCVE-0-2025-5039)
Vulnerability from nvd – Published: 2025-07-24 17:11 – Updated: 2025-08-19 13:17
VLAI?
Title
Privilege Ecalation due to Untrusted Search Path Vulnerability
Summary
A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized.
Severity ?
7.8 (High)
CWE
- CWE-426 - Untrusted Search Path
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Autodesk | AutoCAD |
Affected:
2026 , < 2026.1
(custom)
cpe:2.3:a:autodesk:autocad:2026:*:*:*:*:*:*:* |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5039",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-24T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T03:55:30.703Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:autocad:2026:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.1",
"status": "affected",
"version": "2026",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_lt:2026:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD LT",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.1",
"status": "affected",
"version": "2026",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_architecture:2026:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Architecture",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.1",
"status": "affected",
"version": "2026",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_electrical:2026:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Electrical",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.1",
"status": "affected",
"version": "2026",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mechanical:2026:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Mechanical",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.1",
"status": "affected",
"version": "2026",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mep:2026:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD MEP",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.1",
"status": "affected",
"version": "2026",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_plant_3d:2026:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Plant 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.1",
"status": "affected",
"version": "2026",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_map_3d:2026:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD MAP 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.1",
"status": "affected",
"version": "2026",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:civil_3d:2026:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Civil 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.1",
"status": "affected",
"version": "2026",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:advance_steel:2026:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Advance Steel",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.1",
"status": "affected",
"version": "2026",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:realdwg:2026:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "RealDWG",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.0.2",
"status": "affected",
"version": "2026",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized.\u003cbr\u003e"
}
],
"value": "A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized."
}
],
"impacts": [
{
"capecId": "CAPEC-38",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T13:17:42.116Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0014"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Privilege Ecalation due to Untrusted Search Path Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-5039",
"datePublished": "2025-07-24T17:11:14.714Z",
"dateReserved": "2025-05-21T13:00:59.147Z",
"dateUpdated": "2025-08-19T13:17:42.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1276 (GCVE-0-2025-1276)
Vulnerability from nvd – Published: 2025-04-15 20:55 – Updated: 2025-10-07 20:54
VLAI?
Title
DWG File Parsing Out-of-Bounds Write Vulnerability
Summary
A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-Bounds Write
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Autodesk | AutoCAD |
Affected:
2025 , < 2025.1.2
(custom)
Affected: 2024 , < 2024.1.7 (custom) Affected: 2023 , < 2023.1.7 (custom) cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:* |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1276",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T03:55:45.569Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Architecture",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Electrical",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD MAP 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Mechanical",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD MEP",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Plant 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Advance Steel",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_lt:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_lt:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_lt:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD LT",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:realdwg:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:realdwg:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "RealDWG",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:dwg_trueview:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:dwg_trueview:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:dwg_trueview:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "DWG TrueView",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-Bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-07T20:54:16.150Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/dwg-trueview/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0004"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DWG File Parsing Out-of-Bounds Write Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-1276",
"datePublished": "2025-04-15T20:55:04.255Z",
"dateReserved": "2025-02-13T15:16:31.469Z",
"dateUpdated": "2025-10-07T20:54:16.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29068 (GCVE-0-2023-29068)
Vulnerability from nvd – Published: 2023-06-27 00:00 – Updated: 2024-12-05 14:41
VLAI?
Summary
A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities. These vulnerabilities in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Severity ?
No CVSS data available.
CWE
- memory corruption vulnerability
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Autodesk products |
Affected:
2023, 2022, 2021, 2020
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:14.952Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29068",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-05T14:41:27.413833Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T14:41:43.199Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Autodesk products",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2023, 2022, 2021, 2020"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities. These vulnerabilities in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "memory corruption vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-27T00:00:00",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2023-29068",
"datePublished": "2023-06-27T00:00:00",
"dateReserved": "2023-03-30T00:00:00",
"dateUpdated": "2024-12-05T14:41:43.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25004 (GCVE-0-2023-25004)
Vulnerability from nvd – Published: 2023-06-27 00:00 – Updated: 2024-12-05 14:40
VLAI?
Summary
A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities. Exploitation of these vulnerabilities may lead to code execution.
Severity ?
No CVSS data available.
CWE
- Integer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Autodesk products |
Affected:
2023, 2022, 2021, 2020
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:11:43.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25004",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-05T14:39:57.188378Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T14:40:18.983Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Autodesk products",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2023, 2022, 2021, 2020"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities. Exploitation of these vulnerabilities may lead to code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Integer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-27T00:00:00",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2023-25004",
"datePublished": "2023-06-27T00:00:00",
"dateReserved": "2023-02-01T00:00:00",
"dateUpdated": "2024-12-05T14:40:18.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25003 (GCVE-0-2023-25003)
Vulnerability from nvd – Published: 2023-06-23 00:00 – Updated: 2024-12-05 17:10
VLAI?
Summary
A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Exploitation of this vulnerability may lead to code execution.
Severity ?
No CVSS data available.
CWE
- out-of-bound read write / read
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | AutoCAD, Maya |
Affected:
2023, 2022
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:11:43.401Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25003",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-05T17:09:59.558363Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T17:10:10.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": " AutoCAD, Maya ",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2023, 2022"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Exploitation of this vulnerability may lead to code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "out-of-bound read write / read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-23T00:00:00",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2023-25003",
"datePublished": "2023-06-23T00:00:00",
"dateReserved": "2023-02-01T00:00:00",
"dateUpdated": "2024-12-05T17:10:10.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40166 (GCVE-0-2021-40166)
Vulnerability from nvd – Published: 2022-10-07 00:00 – Updated: 2024-08-04 02:27
VLAI?
Summary
A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- Use-After-Free
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022, 2021, 2020, 2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use-After-Free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2021-40166",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2021-08-27T00:00:00",
"dateUpdated": "2024-08-04T02:27:31.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40165 (GCVE-0-2021-40165)
Vulnerability from nvd – Published: 2022-10-07 00:00 – Updated: 2024-08-04 02:27
VLAI?
Summary
A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.537Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022, 2021, 2020, 2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2021-40165",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2021-08-27T00:00:00",
"dateUpdated": "2024-08-04T02:27:31.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40164 (GCVE-0-2021-40164)
Vulnerability from nvd – Published: 2022-10-07 00:00 – Updated: 2024-08-04 02:27
VLAI?
Summary
A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- Heap-based Overflow
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022, 2021, 2020, 2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap-based Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2021-40164",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2021-08-27T00:00:00",
"dateUpdated": "2024-08-04T02:27:31.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40163 (GCVE-0-2021-40163)
Vulnerability from nvd – Published: 2022-10-07 00:00 – Updated: 2024-08-04 02:27
VLAI?
Summary
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component.
Severity ?
No CVSS data available.
CWE
- Memory Corruption
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.853Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022, 2021, 2020, 2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Memory Corruption ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2021-40163",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2021-08-27T00:00:00",
"dateUpdated": "2024-08-04T02:27:31.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40162 (GCVE-0-2021-40162)
Vulnerability from nvd – Published: 2022-10-07 00:00 – Updated: 2024-08-04 02:27
VLAI?
Summary
A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- Out-of-Band Read
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022, 2021, 2020, 2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-Band Read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2021-40162",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2021-08-27T00:00:00",
"dateUpdated": "2024-08-04T02:27:31.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25788 (GCVE-0-2022-25788)
Vulnerability from nvd – Published: 2022-04-19 20:26 – Updated: 2024-08-03 04:49
VLAI?
Summary
A maliciously crafted JT file in Autodesk AutoCAD 2022 may be used to write beyond the allocated buffer while parsing JT files. This vulnerability can be exploited to execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- Out-of-bound Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D |
Affected:
2022.1.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:49:43.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted JT file in Autodesk AutoCAD 2022 may be used to write beyond the allocated buffer while parsing JT files. This vulnerability can be exploited to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bound Write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T20:26:31",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@autodesk.com",
"ID": "CVE-2022-25788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"version": {
"version_data": [
{
"version_value": "2022.1.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A maliciously crafted JT file in Autodesk AutoCAD 2022 may be used to write beyond the allocated buffer while parsing JT files. This vulnerability can be exploited to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bound Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002",
"refsource": "MISC",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2022-25788",
"datePublished": "2022-04-19T20:26:31",
"dateReserved": "2022-02-22T00:00:00",
"dateUpdated": "2024-08-03T04:49:43.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40159 (GCVE-0-2021-40159)
Vulnerability from nvd – Published: 2022-01-25 00:00 – Updated: 2024-08-04 02:27
VLAI?
Summary
An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022, 2021, 2020, 2019 in conjunction with other vulnerabilities may lead to code execution through maliciously crafted JT files in the context of the current process.
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-282/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-289/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Inventor",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022, 2021, 2020, 2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022, 2021, 2020, 2019 in conjunction with other vulnerabilities may lead to code execution through maliciously crafted JT files in the context of the current process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-282/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-289/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2021-40159",
"datePublished": "2022-01-25T00:00:00",
"dateReserved": "2021-08-27T00:00:00",
"dateUpdated": "2024-08-04T02:27:31.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40158 (GCVE-0-2021-40158)
Vulnerability from nvd – Published: 2022-01-25 00:00 – Updated: 2024-08-04 02:27
VLAI?
Summary
A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 and AutoCAD 2022 may be forced to read beyond allocated boundaries when parsing the JT file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Severity ?
No CVSS data available.
CWE
- Out-of-bounds Read
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.854Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-287/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-283/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-288/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-286/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-284/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-285/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-281/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-449/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-441/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-453/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-444/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-447/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-448/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-452/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-445/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-466/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-451/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-454/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-443/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-450/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-455/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Inventor",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022, 2021, 2020, 2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 and AutoCAD 2022 may be forced to read beyond allocated boundaries when parsing the JT file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds Read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-287/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-283/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-288/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-286/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-284/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-285/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-281/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-449/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-441/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-453/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-444/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-447/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-448/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-452/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-445/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-466/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-451/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-454/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-443/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-450/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-455/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2021-40158",
"datePublished": "2022-01-25T00:00:00",
"dateReserved": "2021-08-27T00:00:00",
"dateUpdated": "2024-08-04T02:27:31.854Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4710 (GCVE-0-2005-4710)
Vulnerability from nvd – Published: 2006-02-10 11:00 – Updated: 2024-08-07 23:53
VLAI?
Summary
Unspecified vulnerability in multiple Autodesk and AutoCAD products and product families from 2006 and earlier allows remote attackers to "gain inappropriate access to another local user's computer," aka ID DL5549329.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:53:28.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112\u0026id=5549329\u0026linkID=4183232"
},
{
"name": "18682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18682"
},
{
"name": "autodesk-gain-privileges(24460)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24460"
},
{
"name": "16472",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16472"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in multiple Autodesk and AutoCAD products and product families from 2006 and earlier allows remote attackers to \"gain inappropriate access to another local user\u0027s computer,\" aka ID DL5549329."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112\u0026id=5549329\u0026linkID=4183232"
},
{
"name": "18682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18682"
},
{
"name": "autodesk-gain-privileges(24460)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24460"
},
{
"name": "16472",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16472"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4710",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in multiple Autodesk and AutoCAD products and product families from 2006 and earlier allows remote attackers to \"gain inappropriate access to another local user\u0027s computer,\" aka ID DL5549329."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112\u0026id=5549329\u0026linkID=4183232",
"refsource": "CONFIRM",
"url": "http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112\u0026id=5549329\u0026linkID=4183232"
},
{
"name": "18682",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18682"
},
{
"name": "autodesk-gain-privileges(24460)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24460"
},
{
"name": "16472",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16472"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4710",
"datePublished": "2006-02-10T11:00:00",
"dateReserved": "2006-02-10T00:00:00",
"dateUpdated": "2024-08-07T23:53:28.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5039 (GCVE-0-2025-5039)
Vulnerability from cvelistv5 – Published: 2025-07-24 17:11 – Updated: 2025-08-19 13:17
VLAI?
Title
Privilege Ecalation due to Untrusted Search Path Vulnerability
Summary
A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized.
Severity ?
7.8 (High)
CWE
- CWE-426 - Untrusted Search Path
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Autodesk | AutoCAD |
Affected:
2026 , < 2026.1
(custom)
cpe:2.3:a:autodesk:autocad:2026:*:*:*:*:*:*:* |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5039",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-24T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T03:55:30.703Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:autocad:2026:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.1",
"status": "affected",
"version": "2026",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_lt:2026:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD LT",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.1",
"status": "affected",
"version": "2026",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_architecture:2026:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Architecture",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.1",
"status": "affected",
"version": "2026",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_electrical:2026:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Electrical",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.1",
"status": "affected",
"version": "2026",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mechanical:2026:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Mechanical",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.1",
"status": "affected",
"version": "2026",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mep:2026:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD MEP",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.1",
"status": "affected",
"version": "2026",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_plant_3d:2026:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Plant 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.1",
"status": "affected",
"version": "2026",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_map_3d:2026:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD MAP 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.1",
"status": "affected",
"version": "2026",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:civil_3d:2026:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Civil 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.1",
"status": "affected",
"version": "2026",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:advance_steel:2026:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Advance Steel",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.1",
"status": "affected",
"version": "2026",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:realdwg:2026:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "RealDWG",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.0.2",
"status": "affected",
"version": "2026",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized.\u003cbr\u003e"
}
],
"value": "A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized."
}
],
"impacts": [
{
"capecId": "CAPEC-38",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T13:17:42.116Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0014"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Privilege Ecalation due to Untrusted Search Path Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-5039",
"datePublished": "2025-07-24T17:11:14.714Z",
"dateReserved": "2025-05-21T13:00:59.147Z",
"dateUpdated": "2025-08-19T13:17:42.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1276 (GCVE-0-2025-1276)
Vulnerability from cvelistv5 – Published: 2025-04-15 20:55 – Updated: 2025-10-07 20:54
VLAI?
Title
DWG File Parsing Out-of-Bounds Write Vulnerability
Summary
A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-Bounds Write
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Autodesk | AutoCAD |
Affected:
2025 , < 2025.1.2
(custom)
Affected: 2024 , < 2024.1.7 (custom) Affected: 2023 , < 2023.1.7 (custom) cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:* |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1276",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T03:55:45.569Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Architecture",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Electrical",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD MAP 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Mechanical",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD MEP",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Plant 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Advance Steel",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_lt:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_lt:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_lt:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD LT",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:realdwg:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:realdwg:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "RealDWG",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:dwg_trueview:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:dwg_trueview:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:dwg_trueview:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "DWG TrueView",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-Bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-07T20:54:16.150Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/dwg-trueview/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0004"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DWG File Parsing Out-of-Bounds Write Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-1276",
"datePublished": "2025-04-15T20:55:04.255Z",
"dateReserved": "2025-02-13T15:16:31.469Z",
"dateUpdated": "2025-10-07T20:54:16.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29068 (GCVE-0-2023-29068)
Vulnerability from cvelistv5 – Published: 2023-06-27 00:00 – Updated: 2024-12-05 14:41
VLAI?
Summary
A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities. These vulnerabilities in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Severity ?
No CVSS data available.
CWE
- memory corruption vulnerability
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Autodesk products |
Affected:
2023, 2022, 2021, 2020
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:14.952Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29068",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-05T14:41:27.413833Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T14:41:43.199Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Autodesk products",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2023, 2022, 2021, 2020"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities. These vulnerabilities in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "memory corruption vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-27T00:00:00",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2023-29068",
"datePublished": "2023-06-27T00:00:00",
"dateReserved": "2023-03-30T00:00:00",
"dateUpdated": "2024-12-05T14:41:43.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25004 (GCVE-0-2023-25004)
Vulnerability from cvelistv5 – Published: 2023-06-27 00:00 – Updated: 2024-12-05 14:40
VLAI?
Summary
A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities. Exploitation of these vulnerabilities may lead to code execution.
Severity ?
No CVSS data available.
CWE
- Integer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Autodesk products |
Affected:
2023, 2022, 2021, 2020
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:11:43.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25004",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-05T14:39:57.188378Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T14:40:18.983Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Autodesk products",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2023, 2022, 2021, 2020"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities. Exploitation of these vulnerabilities may lead to code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Integer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-27T00:00:00",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2023-25004",
"datePublished": "2023-06-27T00:00:00",
"dateReserved": "2023-02-01T00:00:00",
"dateUpdated": "2024-12-05T14:40:18.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25003 (GCVE-0-2023-25003)
Vulnerability from cvelistv5 – Published: 2023-06-23 00:00 – Updated: 2024-12-05 17:10
VLAI?
Summary
A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Exploitation of this vulnerability may lead to code execution.
Severity ?
No CVSS data available.
CWE
- out-of-bound read write / read
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | AutoCAD, Maya |
Affected:
2023, 2022
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:11:43.401Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25003",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-05T17:09:59.558363Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T17:10:10.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": " AutoCAD, Maya ",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2023, 2022"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Exploitation of this vulnerability may lead to code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "out-of-bound read write / read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-23T00:00:00",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2023-25003",
"datePublished": "2023-06-23T00:00:00",
"dateReserved": "2023-02-01T00:00:00",
"dateUpdated": "2024-12-05T17:10:10.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40165 (GCVE-0-2021-40165)
Vulnerability from cvelistv5 – Published: 2022-10-07 00:00 – Updated: 2024-08-04 02:27
VLAI?
Summary
A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D |
Affected:
2022, 2021, 2020, 2019
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.537Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022, 2021, 2020, 2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2021-40165",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2021-08-27T00:00:00",
"dateUpdated": "2024-08-04T02:27:31.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40164 (GCVE-0-2021-40164)
Vulnerability from cvelistv5 – Published: 2022-10-07 00:00 – Updated: 2024-08-04 02:27
VLAI?
Summary
A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- Heap-based Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D |
Affected:
2022, 2021, 2020, 2019
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022, 2021, 2020, 2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap-based Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2021-40164",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2021-08-27T00:00:00",
"dateUpdated": "2024-08-04T02:27:31.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40162 (GCVE-0-2021-40162)
Vulnerability from cvelistv5 – Published: 2022-10-07 00:00 – Updated: 2024-08-04 02:27
VLAI?
Summary
A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- Out-of-Band Read
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D |
Affected:
2022, 2021, 2020, 2019
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022, 2021, 2020, 2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-Band Read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2021-40162",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2021-08-27T00:00:00",
"dateUpdated": "2024-08-04T02:27:31.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40163 (GCVE-0-2021-40163)
Vulnerability from cvelistv5 – Published: 2022-10-07 00:00 – Updated: 2024-08-04 02:27
VLAI?
Summary
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component.
Severity ?
No CVSS data available.
CWE
- Memory Corruption
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D |
Affected:
2022, 2021, 2020, 2019
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.853Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022, 2021, 2020, 2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Memory Corruption ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2021-40163",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2021-08-27T00:00:00",
"dateUpdated": "2024-08-04T02:27:31.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40166 (GCVE-0-2021-40166)
Vulnerability from cvelistv5 – Published: 2022-10-07 00:00 – Updated: 2024-08-04 02:27
VLAI?
Summary
A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- Use-After-Free
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D |
Affected:
2022, 2021, 2020, 2019
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022, 2021, 2020, 2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use-After-Free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2021-40166",
"datePublished": "2022-10-07T00:00:00",
"dateReserved": "2021-08-27T00:00:00",
"dateUpdated": "2024-08-04T02:27:31.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25788 (GCVE-0-2022-25788)
Vulnerability from cvelistv5 – Published: 2022-04-19 20:26 – Updated: 2024-08-03 04:49
VLAI?
Summary
A maliciously crafted JT file in Autodesk AutoCAD 2022 may be used to write beyond the allocated buffer while parsing JT files. This vulnerability can be exploited to execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- Out-of-bound Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D |
Affected:
2022.1.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:49:43.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted JT file in Autodesk AutoCAD 2022 may be used to write beyond the allocated buffer while parsing JT files. This vulnerability can be exploited to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bound Write",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T20:26:31",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@autodesk.com",
"ID": "CVE-2022-25788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
"version": {
"version_data": [
{
"version_value": "2022.1.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A maliciously crafted JT file in Autodesk AutoCAD 2022 may be used to write beyond the allocated buffer while parsing JT files. This vulnerability can be exploited to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bound Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002",
"refsource": "MISC",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2022-25788",
"datePublished": "2022-04-19T20:26:31",
"dateReserved": "2022-02-22T00:00:00",
"dateUpdated": "2024-08-03T04:49:43.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40159 (GCVE-0-2021-40159)
Vulnerability from cvelistv5 – Published: 2022-01-25 00:00 – Updated: 2024-08-04 02:27
VLAI?
Summary
An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022, 2021, 2020, 2019 in conjunction with other vulnerabilities may lead to code execution through maliciously crafted JT files in the context of the current process.
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-282/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-289/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Inventor",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022, 2021, 2020, 2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022, 2021, 2020, 2019 in conjunction with other vulnerabilities may lead to code execution through maliciously crafted JT files in the context of the current process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-282/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-289/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2021-40159",
"datePublished": "2022-01-25T00:00:00",
"dateReserved": "2021-08-27T00:00:00",
"dateUpdated": "2024-08-04T02:27:31.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40158 (GCVE-0-2021-40158)
Vulnerability from cvelistv5 – Published: 2022-01-25 00:00 – Updated: 2024-08-04 02:27
VLAI?
Summary
A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 and AutoCAD 2022 may be forced to read beyond allocated boundaries when parsing the JT file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Severity ?
No CVSS data available.
CWE
- Out-of-bounds Read
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.854Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-287/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-283/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-288/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-286/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-284/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-285/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-281/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-449/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-441/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-453/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-444/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-447/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-448/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-452/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-445/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-466/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-451/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-454/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-443/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-450/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-455/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Inventor",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022, 2021, 2020, 2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 and AutoCAD 2022 may be forced to read beyond allocated boundaries when parsing the JT file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds Read",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-07T00:00:00",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-287/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-283/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-288/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-286/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-284/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-285/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-281/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-449/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-441/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-453/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-444/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-447/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-448/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-452/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-445/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-466/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-451/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-454/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-443/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-450/"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-455/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2021-40158",
"datePublished": "2022-01-25T00:00:00",
"dateReserved": "2021-08-27T00:00:00",
"dateUpdated": "2024-08-04T02:27:31.854Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4710 (GCVE-0-2005-4710)
Vulnerability from cvelistv5 – Published: 2006-02-10 11:00 – Updated: 2024-08-07 23:53
VLAI?
Summary
Unspecified vulnerability in multiple Autodesk and AutoCAD products and product families from 2006 and earlier allows remote attackers to "gain inappropriate access to another local user's computer," aka ID DL5549329.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:53:28.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112\u0026id=5549329\u0026linkID=4183232"
},
{
"name": "18682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18682"
},
{
"name": "autodesk-gain-privileges(24460)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24460"
},
{
"name": "16472",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16472"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in multiple Autodesk and AutoCAD products and product families from 2006 and earlier allows remote attackers to \"gain inappropriate access to another local user\u0027s computer,\" aka ID DL5549329."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112\u0026id=5549329\u0026linkID=4183232"
},
{
"name": "18682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18682"
},
{
"name": "autodesk-gain-privileges(24460)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24460"
},
{
"name": "16472",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16472"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4710",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in multiple Autodesk and AutoCAD products and product families from 2006 and earlier allows remote attackers to \"gain inappropriate access to another local user\u0027s computer,\" aka ID DL5549329."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112\u0026id=5549329\u0026linkID=4183232",
"refsource": "CONFIRM",
"url": "http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112\u0026id=5549329\u0026linkID=4183232"
},
{
"name": "18682",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18682"
},
{
"name": "autodesk-gain-privileges(24460)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24460"
},
{
"name": "16472",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16472"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4710",
"datePublished": "2006-02-10T11:00:00",
"dateReserved": "2006-02-10T00:00:00",
"dateUpdated": "2024-08-07T23:53:28.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}