Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for maya_usd by autodesk

    CVE-2023-29068 (GCVE-0-2023-29068)

    Vulnerability from nvd – Published: 2023-06-27 00:00 – Updated: 2024-12-05 14:41
    VLAI
    Summary
    A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities. These vulnerabilities in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • memory corruption vulnerability
    Assigner
    Impacted products
    Vendor Product Version
    n/a Autodesk products Affected: 2023, 2022, 2021, 2020
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:00:14.952Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-29068",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-05T14:41:27.413833Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-05T14:41:43.199Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Autodesk products",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "2023, 2022, 2021, 2020"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities. These vulnerabilities in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "memory corruption vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-27T00:00:00.000Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2023-29068",
        "datePublished": "2023-06-27T00:00:00.000Z",
        "dateReserved": "2023-03-30T00:00:00.000Z",
        "dateUpdated": "2024-12-05T14:41:43.199Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-25004 (GCVE-0-2023-25004)

    Vulnerability from nvd – Published: 2023-06-27 00:00 – Updated: 2024-12-05 14:40
    VLAI
    Summary
    A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities. Exploitation of these vulnerabilities may lead to code execution.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Integer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    n/a Autodesk products Affected: 2023, 2022, 2021, 2020
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:11:43.391Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-25004",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-05T14:39:57.188378Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-05T14:40:18.983Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Autodesk products",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "2023, 2022, 2021, 2020"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities. Exploitation of these vulnerabilities may lead to code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Integer Overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-27T00:00:00.000Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2023-25004",
        "datePublished": "2023-06-27T00:00:00.000Z",
        "dateReserved": "2023-02-01T00:00:00.000Z",
        "dateUpdated": "2024-12-05T14:40:18.983Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-25003 (GCVE-0-2023-25003)

    Vulnerability from nvd – Published: 2023-06-23 00:00 – Updated: 2024-12-05 17:10
    VLAI
    Summary
    A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Exploitation of this vulnerability may lead to code execution.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • out-of-bound read write / read
    Assigner
    Impacted products
    Vendor Product Version
    n/a AutoCAD, Maya Affected: 2023, 2022
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:11:43.401Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-25003",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-05T17:09:59.558363Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-05T17:10:10.146Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AutoCAD, Maya",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "2023, 2022"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Exploitation of this vulnerability may lead to code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "out-of-bound read write / read",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-23T00:00:00.000Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2023-25003",
        "datePublished": "2023-06-23T00:00:00.000Z",
        "dateReserved": "2023-02-01T00:00:00.000Z",
        "dateUpdated": "2024-12-05T17:10:10.146Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-27907 (GCVE-0-2023-27907)

    Vulnerability from nvd – Published: 2023-04-17 00:00 – Updated: 2025-02-06 16:14
    VLAI
    Summary
    A malicious actor may convince a victim to open a malicious USD file that may trigger an out-of-bounds write vulnerability which may result in code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Out-of-bound Write
    • CWE-787 - Out-of-bounds Write
    Assigner
    Impacted products
    Vendor Product Version
    n/a Autodesk Maya USD Plugin Affected: 0.22.0
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:23:30.127Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0003"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-27907",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-06T16:14:24.961848Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-06T16:14:36.702Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Autodesk Maya USD Plugin",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.22.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious actor may convince a victim to open a malicious USD file that may trigger an out-of-bounds write vulnerability which may result in code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Out-of-bound Write",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-17T00:00:00.000Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0003"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2023-27907",
        "datePublished": "2023-04-17T00:00:00.000Z",
        "dateReserved": "2023-03-07T00:00:00.000Z",
        "dateUpdated": "2025-02-06T16:14:36.702Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-27906 (GCVE-0-2023-27906)

    Vulnerability from nvd – Published: 2023-04-17 00:00 – Updated: 2025-02-06 16:16
    VLAI
    Summary
    A malicious actor may convince a victim to open a malicious USD file that may trigger an out-of-bounds read vulnerability which may result in code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Out-of-bound Read
    • CWE-125 - Out-of-bounds Read
    Assigner
    Impacted products
    Vendor Product Version
    n/a Autodesk Maya USD Plugin Affected: 0.22.0
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:23:30.475Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0003"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-27906",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-06T16:16:01.252342Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-125",
                    "description": "CWE-125 Out-of-bounds Read",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-06T16:16:28.652Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Autodesk Maya USD Plugin",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.22.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious actor may convince a victim to open a malicious USD file that may trigger an out-of-bounds read vulnerability which may result in code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Out-of-bound Read",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-17T00:00:00.000Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0003"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2023-27906",
        "datePublished": "2023-04-17T00:00:00.000Z",
        "dateReserved": "2023-03-07T00:00:00.000Z",
        "dateUpdated": "2025-02-06T16:16:28.652Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-25010 (GCVE-0-2023-25010)

    Vulnerability from nvd – Published: 2023-04-17 00:00 – Updated: 2025-02-06 15:27
    VLAI
    Summary
    A malicious actor may convince a victim to open a malicious USD file that may trigger an uninitialized variable which may result in code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Uninitialized Variable
    • CWE-665 - Improper Initialization
    Assigner
    Impacted products
    Vendor Product Version
    n/a Autodesk Maya USD Plugin Affected: 0.22.0
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:11:43.552Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0003"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-25010",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-06T15:25:50.417170Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-665",
                    "description": "CWE-665 Improper Initialization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-06T15:27:25.812Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Autodesk Maya USD Plugin",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.22.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious actor may convince a victim to open a malicious USD file that may trigger an uninitialized variable which may result in code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Uninitialized Variable",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-17T00:00:00.000Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0003"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2023-25010",
        "datePublished": "2023-04-17T00:00:00.000Z",
        "dateReserved": "2023-02-01T00:00:00.000Z",
        "dateUpdated": "2025-02-06T15:27:25.812Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-25004 (GCVE-0-2023-25004)

    Vulnerability from cvelistv5 – Published: 2023-06-27 00:00 – Updated: 2024-12-05 14:40
    VLAI
    Summary
    A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities. Exploitation of these vulnerabilities may lead to code execution.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Integer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    n/a Autodesk products Affected: 2023, 2022, 2021, 2020
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:11:43.391Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-25004",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-05T14:39:57.188378Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-05T14:40:18.983Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Autodesk products",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "2023, 2022, 2021, 2020"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities. Exploitation of these vulnerabilities may lead to code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Integer Overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-27T00:00:00.000Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2023-25004",
        "datePublished": "2023-06-27T00:00:00.000Z",
        "dateReserved": "2023-02-01T00:00:00.000Z",
        "dateUpdated": "2024-12-05T14:40:18.983Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-29068 (GCVE-0-2023-29068)

    Vulnerability from cvelistv5 – Published: 2023-06-27 00:00 – Updated: 2024-12-05 14:41
    VLAI
    Summary
    A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities. These vulnerabilities in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • memory corruption vulnerability
    Assigner
    Impacted products
    Vendor Product Version
    n/a Autodesk products Affected: 2023, 2022, 2021, 2020
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:00:14.952Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-29068",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-05T14:41:27.413833Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-05T14:41:43.199Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Autodesk products",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "2023, 2022, 2021, 2020"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities. These vulnerabilities in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "memory corruption vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-27T00:00:00.000Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2023-29068",
        "datePublished": "2023-06-27T00:00:00.000Z",
        "dateReserved": "2023-03-30T00:00:00.000Z",
        "dateUpdated": "2024-12-05T14:41:43.199Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-25003 (GCVE-0-2023-25003)

    Vulnerability from cvelistv5 – Published: 2023-06-23 00:00 – Updated: 2024-12-05 17:10
    VLAI
    Summary
    A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Exploitation of this vulnerability may lead to code execution.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • out-of-bound read write / read
    Assigner
    Impacted products
    Vendor Product Version
    n/a AutoCAD, Maya Affected: 2023, 2022
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:11:43.401Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-25003",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-05T17:09:59.558363Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-05T17:10:10.146Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "AutoCAD, Maya",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "2023, 2022"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Exploitation of this vulnerability may lead to code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "out-of-bound read write / read",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-23T00:00:00.000Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2023-25003",
        "datePublished": "2023-06-23T00:00:00.000Z",
        "dateReserved": "2023-02-01T00:00:00.000Z",
        "dateUpdated": "2024-12-05T17:10:10.146Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-27906 (GCVE-0-2023-27906)

    Vulnerability from cvelistv5 – Published: 2023-04-17 00:00 – Updated: 2025-02-06 16:16
    VLAI
    Summary
    A malicious actor may convince a victim to open a malicious USD file that may trigger an out-of-bounds read vulnerability which may result in code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Out-of-bound Read
    • CWE-125 - Out-of-bounds Read
    Assigner
    Impacted products
    Vendor Product Version
    n/a Autodesk Maya USD Plugin Affected: 0.22.0
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:23:30.475Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0003"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-27906",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-06T16:16:01.252342Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-125",
                    "description": "CWE-125 Out-of-bounds Read",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-06T16:16:28.652Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Autodesk Maya USD Plugin",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.22.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious actor may convince a victim to open a malicious USD file that may trigger an out-of-bounds read vulnerability which may result in code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Out-of-bound Read",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-17T00:00:00.000Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0003"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2023-27906",
        "datePublished": "2023-04-17T00:00:00.000Z",
        "dateReserved": "2023-03-07T00:00:00.000Z",
        "dateUpdated": "2025-02-06T16:16:28.652Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-25010 (GCVE-0-2023-25010)

    Vulnerability from cvelistv5 – Published: 2023-04-17 00:00 – Updated: 2025-02-06 15:27
    VLAI
    Summary
    A malicious actor may convince a victim to open a malicious USD file that may trigger an uninitialized variable which may result in code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Uninitialized Variable
    • CWE-665 - Improper Initialization
    Assigner
    Impacted products
    Vendor Product Version
    n/a Autodesk Maya USD Plugin Affected: 0.22.0
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:11:43.552Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0003"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-25010",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-06T15:25:50.417170Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-665",
                    "description": "CWE-665 Improper Initialization",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-06T15:27:25.812Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Autodesk Maya USD Plugin",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.22.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious actor may convince a victim to open a malicious USD file that may trigger an uninitialized variable which may result in code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Uninitialized Variable",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-17T00:00:00.000Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0003"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2023-25010",
        "datePublished": "2023-04-17T00:00:00.000Z",
        "dateReserved": "2023-02-01T00:00:00.000Z",
        "dateUpdated": "2025-02-06T15:27:25.812Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-27907 (GCVE-0-2023-27907)

    Vulnerability from cvelistv5 – Published: 2023-04-17 00:00 – Updated: 2025-02-06 16:14
    VLAI
    Summary
    A malicious actor may convince a victim to open a malicious USD file that may trigger an out-of-bounds write vulnerability which may result in code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Out-of-bound Write
    • CWE-787 - Out-of-bounds Write
    Assigner
    Impacted products
    Vendor Product Version
    n/a Autodesk Maya USD Plugin Affected: 0.22.0
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:23:30.127Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0003"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-27907",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-06T16:14:24.961848Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-06T16:14:36.702Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Autodesk Maya USD Plugin",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.22.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A malicious actor may convince a victim to open a malicious USD file that may trigger an out-of-bounds write vulnerability which may result in code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Out-of-bound Write",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-17T00:00:00.000Z",
            "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
            "shortName": "autodesk"
          },
          "references": [
            {
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0003"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "assignerShortName": "autodesk",
        "cveId": "CVE-2023-27907",
        "datePublished": "2023-04-17T00:00:00.000Z",
        "dateReserved": "2023-03-07T00:00:00.000Z",
        "dateUpdated": "2025-02-06T16:14:36.702Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }