Vulnerabilites related to autodesk - revit
cve-2024-9489
Vulnerability from cvelistv5
Published
2024-10-29 21:44
Modified
2025-04-28 16:00
Severity ?
EPSS score ?
Summary
A maliciously crafted DWG file when parsed in ACAD.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Autodesk | AutoCAD |
Version: 2025 < 2025.1.1 Version: 2024 < 2024.1.7 Version: 2023 < 2023.1.7 Version: 2022 < 2022.1.6 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-9489", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-30T13:51:32.196438Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-30T15:01:17.148Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpe: [ "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_lt:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_lt:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_lt:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_lt:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD LT", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD Architecture", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD Electrical", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD MAP 3D", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD Mechanical", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD MEP", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD Plant 3D", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Civil 3D", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Advance Steel", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:dwg_trueview:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:dwg_trueview:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:dwg_trueview:2023:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "DWG TrueView", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:realdwg:2025:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "RealDWG", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A maliciously crafted DWG file when parsed in ACAD.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.", }, ], value: "A maliciously crafted DWG file when parsed in ACAD.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.", }, ], impacts: [ { capecId: "CAPEC-100", descriptions: [ { lang: "en", value: "CAPEC-100 Overflow Buffers", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-119", description: "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-28T16:00:44.847Z", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0021", }, ], source: { discovery: "UNKNOWN", }, title: "Autodesk AutoCAD DWG File Parsing Memory Corruption Code Execution Vulnerability", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2024-9489", datePublished: "2024-10-29T21:44:39.027Z", dateReserved: "2024-10-03T18:19:18.769Z", dateUpdated: "2025-04-28T16:00:44.847Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-4710
Vulnerability from cvelistv5
Published
2006-02-10 11:00
Modified
2024-08-07 23:53
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in multiple Autodesk and AutoCAD products and product families from 2006 and earlier allows remote attackers to "gain inappropriate access to another local user's computer," aka ID DL5549329.
References
| ▼ | URL | Tags |
|---|---|---|
| http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112&id=5549329&linkID=4183232 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/18682 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24460 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/16472 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T23:53:28.986Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112&id=5549329&linkID=4183232", }, { name: "18682", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/18682", }, { name: "autodesk-gain-privileges(24460)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/24460", }, { name: "16472", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/16472", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-10-24T00:00:00", descriptions: [ { lang: "en", value: "Unspecified vulnerability in multiple Autodesk and AutoCAD products and product families from 2006 and earlier allows remote attackers to \"gain inappropriate access to another local user's computer,\" aka ID DL5549329.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-19T15:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112&id=5549329&linkID=4183232", }, { name: "18682", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/18682", }, { name: "autodesk-gain-privileges(24460)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/24460", }, { name: "16472", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/16472", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2005-4710", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Unspecified vulnerability in multiple Autodesk and AutoCAD products and product families from 2006 and earlier allows remote attackers to \"gain inappropriate access to another local user's computer,\" aka ID DL5549329.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112&id=5549329&linkID=4183232", refsource: "CONFIRM", url: "http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112&id=5549329&linkID=4183232", }, { name: "18682", refsource: "SECUNIA", url: "http://secunia.com/advisories/18682", }, { name: "autodesk-gain-privileges(24460)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/24460", }, { name: "16472", refsource: "BID", url: "http://www.securityfocus.com/bid/16472", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2005-4710", datePublished: "2006-02-10T11:00:00", dateReserved: "2006-02-10T00:00:00", dateUpdated: "2024-08-07T23:53:28.986Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-7993
Vulnerability from cvelistv5
Published
2024-10-16 21:47
Modified
2025-02-10 20:30
Severity ?
EPSS score ?
Summary
A maliciously crafted PDF file, when parsed through Autodesk Revit, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "revit", vendor: "autodesk", versions: [ { lessThan: "2024.2.2", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2025.3", status: "affected", version: "2025", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-7993", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-17T16:17:26.757982Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-17T16:19:18.837Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpe: [ "cpe:2.3:a:autodesk:revit:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:revit:2024:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Revit", vendor: "Autodesk", versions: [ { lessThan: "2025.3", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.2.2", status: "affected", version: "2024", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">A maliciously crafted PDF file, when parsed through Autodesk Revit, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. </span><br>", }, ], value: "A maliciously crafted PDF file, when parsed through Autodesk Revit, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.", }, ], impacts: [ { capecId: "CAPEC-100", descriptions: [ { lang: "en", value: "CAPEC-100 Overflow Buffers", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-10T20:30:40.208Z", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { url: "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0018", }, ], source: { discovery: "EXTERNAL", }, title: "Out-of-Bounds Write Vulnerability in Autodesk Revit", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2024-7993", datePublished: "2024-10-16T21:47:31.739Z", dateReserved: "2024-08-19T21:37:09.626Z", dateUpdated: "2025-02-10T20:30:40.208Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37008
Vulnerability from cvelistv5
Published
2024-08-21 10:02
Modified
2025-01-28 20:09
Severity ?
EPSS score ?
Summary
A maliciously crafted DWG file, when parsed in Revit, can force a stack-based buffer overflow. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:revit_lt:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "revit_lt", vendor: "autodesk", versions: [ { lessThan: "2025.1", status: "affected", version: "2025", versionType: "custom", }, { lessThanOrEqual: "2024.2.1", status: "affected", version: "2024", versionType: "semver", }, { lessThanOrEqual: "2023.1.4", status: "affected", version: "2023", versionType: "semver", }, { lessThanOrEqual: "2022.1.6", status: "affected", version: "2022", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-37008", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-22T18:53:46.614281Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-26T21:08:41.231Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpe: [ "cpe:2.3:a:autodesk:revit:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:revit:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:revit:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:revit:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Revit", vendor: "Autodesk", versions: [ { lessThan: "2025.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.2.2", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.5", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.7", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:revit_lt:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:revit_lt:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:revit_lt:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:revit_lt:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Revit LT", vendor: "Autodesk", versions: [ { lessThan: "2025.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.2.2", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.5", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.7", status: "affected", version: "2022", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>A maliciously crafted DWG file, when parsed in Revit, can force a stack-based buffer overflow. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.</p>", }, ], value: "A maliciously crafted DWG file, when parsed in Revit, can force a stack-based buffer overflow. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.", }, ], impacts: [ { capecId: "CAPEC-100", descriptions: [ { lang: "en", value: "CAPEC-100 Overflow Buffers", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121 Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-28T20:09:46.019Z", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0013", }, ], source: { discovery: "UNKNOWN", }, title: "Stack-based Overflow Vulnerability in Revit Software", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2024-37008", datePublished: "2024-08-21T10:02:21.128Z", dateReserved: "2024-05-30T20:11:46.550Z", dateUpdated: "2025-01-28T20:09:46.019Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-1656
Vulnerability from cvelistv5
Published
2025-04-15 20:56
Modified
2025-04-25 14:39
Severity ?
EPSS score ?
Summary
A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-1656", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-04-17T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-18T03:55:34.994Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpe: [ "cpe:2.3:a:autodesk:revit:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:revit:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:revit:2023:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Revit", vendor: "Autodesk", versions: [ { lessThan: "2025.4.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.3.2", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.<br>", }, ], value: "A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.", }, ], impacts: [ { capecId: "CAPEC-100", descriptions: [ { lang: "en", value: "CAPEC-100 Overflow Buffers", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122 Heap-Based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-25T14:39:23.671Z", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0003", }, ], source: { discovery: "EXTERNAL", }, title: "PDF File Parsing Heap-based Overflow Vulnerability", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2025-1656", datePublished: "2025-04-15T20:56:30.567Z", dateReserved: "2025-02-24T20:01:54.134Z", dateUpdated: "2025-04-25T14:39:23.671Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-1274
Vulnerability from cvelistv5
Published
2025-04-15 20:58
Modified
2025-04-25 14:40
Severity ?
EPSS score ?
Summary
A maliciously crafted RCS file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-1274", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-04-17T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-18T03:55:38.039Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpe: [ "cpe:2.3:a:autodesk:revit:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:revit:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:revit:2023:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Revit", vendor: "Autodesk", versions: [ { lessThan: "2025.4.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.3.2", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A maliciously crafted RCS file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.<br>", }, ], value: "A maliciously crafted RCS file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.", }, ], impacts: [ { capecId: "CAPEC-100", descriptions: [ { lang: "en", value: "CAPEC-100 Overflow Buffers", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-Bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-25T14:40:46.283Z", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0007", }, ], source: { discovery: "EXTERNAL", }, title: "RCS File Parsing Out-of-Bounds Write Vulnerability", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2025-1274", datePublished: "2025-04-15T20:58:04.157Z", dateReserved: "2025-02-13T15:16:29.531Z", dateUpdated: "2025-04-25T14:40:46.283Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-7991
Vulnerability from cvelistv5
Published
2024-10-29 21:49
Modified
2025-04-28 15:56
Severity ?
EPSS score ?
Summary
A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Autodesk | AutoCAD |
Version: 2025 < 2025.1.1 Version: 2024 < 2024.1.7 Version: 2023 < 2023.1.7 Version: 2022 < 2022.1.6 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-7991", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-30T13:51:28.629296Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-30T15:00:49.205Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpe: [ "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_lt:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_lt:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_lt:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_lt:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD LT", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD Architecture", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD Electrical", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD MAP 3D", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD Mechanical", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD MEP", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD Plant 3D", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Civil 3D", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Advance Steel", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:dwg_trueview:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:dwg_trueview:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:dwg_trueview:2023:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "DWG TrueView", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:realdwg:2025:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "RealDWG", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.", }, ], value: "A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.", }, ], impacts: [ { capecId: "CAPEC-100", descriptions: [ { lang: "en", value: "CAPEC-100 Overflow Buffers", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-Bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-28T15:56:36.364Z", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0021", }, ], source: { discovery: "UNKNOWN", }, title: "Autodesk AutoCAD DWG Out-of-Bounds Write Code Execution Vulnerability", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2024-7991", datePublished: "2024-10-29T21:49:02.128Z", dateReserved: "2024-08-19T21:37:04.701Z", dateUpdated: "2025-04-28T15:56:36.364Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-7994
Vulnerability from cvelistv5
Published
2024-10-16 21:47
Modified
2025-01-28 20:10
Severity ?
EPSS score ?
Summary
A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Stack-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:autodesk:revit:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "revit", vendor: "autodesk", versions: [ { status: "affected", version: "2024", }, { status: "affected", version: "2025", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-7994", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-18T17:59:24.381901Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-18T18:01:01.085Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpe: [ "cpe:2.3:a:autodesk:revit:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:revit:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:revit:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:revit:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Revit", vendor: "Autodesk", versions: [ { lessThan: "2025.3", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.3", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.6", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.8", status: "affected", version: "2022", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Stack-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.</span><br>", }, ], value: "A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Stack-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.", }, ], impacts: [ { capecId: "CAPEC-100", descriptions: [ { lang: "en", value: "CAPEC-100 Overflow Buffers", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121 Stack Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-28T20:10:30.617Z", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { url: "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0017", }, ], source: { discovery: "EXTERNAL", }, title: "Stack-Based Buffer Overflow Vulnerability in Autodesk Revit", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2024-7994", datePublished: "2024-10-16T21:47:51.258Z", dateReserved: "2024-08-19T21:37:10.490Z", dateUpdated: "2025-01-28T20:10:30.617Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-25002
Vulnerability from cvelistv5
Published
2023-06-27 00:00
Modified
2024-12-05 14:39
Severity ?
EPSS score ?
Summary
A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T11:11:43.501Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0002", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-25002", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-05T14:38:10.506379Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-05T14:39:41.206Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Multiple", vendor: "n/a", versions: [ { status: "affected", version: "2023, 2022, 2021", }, ], }, ], descriptions: [ { lang: "en", value: "A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.", }, ], problemTypes: [ { descriptions: [ { description: "Use-after-free vulnerability", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-27T00:00:00", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0002", }, ], }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2023-25002", datePublished: "2023-06-27T00:00:00", dateReserved: "2023-02-01T00:00:00", dateUpdated: "2024-12-05T14:39:41.206Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-25003
Vulnerability from cvelistv5
Published
2023-06-23 00:00
Modified
2024-12-05 17:10
Severity ?
EPSS score ?
Summary
A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Exploitation of this vulnerability may lead to code execution.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | AutoCAD, Maya |
Version: 2023, 2022 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T11:11:43.401Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-25003", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-05T17:09:59.558363Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-05T17:10:10.146Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: " AutoCAD, Maya ", vendor: "n/a", versions: [ { status: "affected", version: "2023, 2022", }, ], }, ], descriptions: [ { lang: "en", value: "A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Exploitation of this vulnerability may lead to code execution.", }, ], problemTypes: [ { descriptions: [ { description: "out-of-bound read write / read", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-23T00:00:00", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009", }, ], }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2023-25003", datePublished: "2023-06-23T00:00:00", dateReserved: "2023-02-01T00:00:00", dateUpdated: "2024-12-05T17:10:10.146Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-40163
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-04 02:27
Severity ?
EPSS score ?
Summary
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T02:27:31.853Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D", vendor: "n/a", versions: [ { status: "affected", version: "2022, 2021, 2020, 2019", }, ], }, ], descriptions: [ { lang: "en", value: "A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component.", }, ], problemTypes: [ { descriptions: [ { description: "Memory Corruption ", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-07T00:00:00", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011", }, ], }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2021-40163", datePublished: "2022-10-07T00:00:00", dateReserved: "2021-08-27T00:00:00", dateUpdated: "2024-08-04T02:27:31.853Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-40166
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-04 02:27
Severity ?
EPSS score ?
Summary
A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T02:27:31.562Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D", vendor: "n/a", versions: [ { status: "affected", version: "2022, 2021, 2020, 2019", }, ], }, ], descriptions: [ { lang: "en", value: "A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code.", }, ], problemTypes: [ { descriptions: [ { description: "Use-After-Free", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-07T00:00:00", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011", }, ], }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2021-40166", datePublished: "2022-10-07T00:00:00", dateReserved: "2021-08-27T00:00:00", dateUpdated: "2024-08-04T02:27:31.562Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-9997
Vulnerability from cvelistv5
Published
2024-10-29 21:45
Modified
2025-04-28 16:08
Severity ?
EPSS score ?
Summary
A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Autodesk | AutoCAD |
Version: 2025 < 2025.1.1 Version: 2024 < 2024.1.7 Version: 2023 < 2023.1.7 Version: 2022 < 2022.1.6 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-9997", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-30T13:51:29.745174Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-30T15:00:57.856Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpe: [ "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_lt:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_lt:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_lt:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_lt:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD LT", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD Architecture", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD Electrical", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD MAP 3D", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD Mechanical", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD MEP", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD Plant 3D", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Civil 3D", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Advance Steel", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:dwg_trueview:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:dwg_trueview:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:dwg_trueview:2023:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "DWG TrueView", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:realdwg:2025:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "RealDWG", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.<br>", }, ], value: "A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.", }, ], impacts: [ { capecId: "CAPEC-100", descriptions: [ { lang: "en", value: "CAPEC-100 Overflow Buffers", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-120", description: "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-28T16:08:37.360Z", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0021", }, ], source: { discovery: "UNKNOWN", }, title: "Autodesk AutoCAD DWG File Parsing Memory Corruption Code Execution Vulnerability", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2024-9997", datePublished: "2024-10-29T21:45:59.005Z", dateReserved: "2024-10-15T13:39:39.800Z", dateUpdated: "2025-04-28T16:08:37.360Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-2497
Vulnerability from cvelistv5
Published
2025-04-15 20:55
Modified
2025-04-24 15:31
Severity ?
EPSS score ?
Summary
A maliciously crafted DWG file, when parsed through Autodesk Revit, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
References
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-2497", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-04-17T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-18T03:55:32.214Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpe: [ "cpe:2.3:a:autodesk:revit:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:revit:2024:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Revit", vendor: "Autodesk", versions: [ { lessThan: "2025.4.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.3.2", status: "affected", version: "2024", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A maliciously crafted DWG file, when parsed through Autodesk Revit, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.<br>", }, ], value: "A maliciously crafted DWG file, when parsed through Autodesk Revit, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.", }, ], impacts: [ { capecId: "CAPEC-100", descriptions: [ { lang: "en", value: "CAPEC-100 Overflow Buffers", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122 Heap-Based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-24T15:31:56.005Z", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0005", }, ], source: { discovery: "EXTERNAL", }, title: "DWG File Parsing Stack-Based Buffer Vulnerability", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2025-2497", datePublished: "2025-04-15T20:55:34.931Z", dateReserved: "2025-03-18T13:00:16.699Z", dateUpdated: "2025-04-24T15:31:56.005Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-7992
Vulnerability from cvelistv5
Published
2024-10-29 21:50
Modified
2025-04-28 15:56
Severity ?
EPSS score ?
Summary
A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, can force a Stack-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Autodesk | AutoCAD |
Version: 2025 < 2025.1.1 Version: 2024 < 2024.1.7 Version: 2023 < 2023.1.7 Version: 2022 < 2022.1.6 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-7992", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-30T13:51:27.431632Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-30T15:00:32.444Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpe: [ "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_lt:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_lt:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_lt:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_lt:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD LT", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD Architecture", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD Electrical", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD MAP 3D", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD Mechanical", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD MEP", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD Plant 3D", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Civil 3D", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Advance Steel", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:dwg_trueview:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:dwg_trueview:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:dwg_trueview:2023:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "DWG TrueView", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:realdwg:2025:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "RealDWG", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">A maliciously crafted DWG file, when parsed</span> <span style=\"background-color: rgb(255, 255, 255);\">through Autodesk AutoCAD and certain AutoCAD-based products, can force a Stack-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.</span><span style=\"background-color: rgb(255, 255, 255);\"> </span><br>", }, ], value: "A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, can force a Stack-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.", }, ], impacts: [ { capecId: "CAPEC-100", descriptions: [ { lang: "en", value: "CAPEC-100 Overflow Buffers", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121 Stack Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-28T15:56:02.844Z", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0021", }, ], source: { discovery: "UNKNOWN", }, title: "Autodesk AutoCAD DWG Stack-Based Buffer Overflow Code Execution Vulnerability", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2024-7992", datePublished: "2024-10-29T21:50:13.232Z", dateReserved: "2024-08-19T21:37:08.684Z", dateUpdated: "2025-04-28T15:56:02.844Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-40164
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-04 02:27
Severity ?
EPSS score ?
Summary
A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T02:27:31.502Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D", vendor: "n/a", versions: [ { status: "affected", version: "2022, 2021, 2020, 2019", }, ], }, ], descriptions: [ { lang: "en", value: "A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.", }, ], problemTypes: [ { descriptions: [ { description: "Heap-based Overflow", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-07T00:00:00", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011", }, ], }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2021-40164", datePublished: "2022-10-07T00:00:00", dateReserved: "2021-08-27T00:00:00", dateUpdated: "2024-08-04T02:27:31.502Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-29068
Vulnerability from cvelistv5
Published
2023-06-27 00:00
Modified
2024-12-05 14:41
Severity ?
EPSS score ?
Summary
A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities. These vulnerabilities in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Autodesk products |
Version: 2023, 2022, 2021, 2020 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:00:14.952Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-29068", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-05T14:41:27.413833Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-05T14:41:43.199Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Autodesk products", vendor: "n/a", versions: [ { status: "affected", version: "2023, 2022, 2021, 2020", }, ], }, ], descriptions: [ { lang: "en", value: "A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities. These vulnerabilities in conjunction with other vulnerabilities could lead to code execution in the context of the current process.", }, ], problemTypes: [ { descriptions: [ { description: "memory corruption vulnerability", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-27T00:00:00", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009", }, ], }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2023-29068", datePublished: "2023-06-27T00:00:00", dateReserved: "2023-03-30T00:00:00", dateUpdated: "2024-12-05T14:41:43.199Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-40162
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-04 02:27
Severity ?
EPSS score ?
Summary
A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T02:27:31.539Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D", vendor: "n/a", versions: [ { status: "affected", version: "2022, 2021, 2020, 2019", }, ], }, ], descriptions: [ { lang: "en", value: "A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.", }, ], problemTypes: [ { descriptions: [ { description: "Out-of-Band Read", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-07T00:00:00", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011", }, ], }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2021-40162", datePublished: "2022-10-07T00:00:00", dateReserved: "2021-08-27T00:00:00", dateUpdated: "2024-08-04T02:27:31.539Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-8896
Vulnerability from cvelistv5
Published
2024-10-29 21:43
Modified
2025-04-28 15:58
Severity ?
EPSS score ?
Summary
A maliciously crafted DXF file when parsed in acdb25.dll through Autodesk AutoCAD can force to access a variable prior to initialization. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Autodesk | AutoCAD |
Version: 2025 < 2025.1.1 Version: 2024 < 2024.1.7 Version: 2023 < 2023.1.7 Version: 2022 < 2022.1.6 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-8896", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-30T13:51:33.412413Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-30T15:01:25.860Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpe: [ "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_lt:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_lt:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_lt:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_lt:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD LT", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD Architecture", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD Electrical", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD MAP 3D", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD Mechanical", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD MEP", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD Plant 3D", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Civil 3D", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Advance Steel", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:dwg_trueview:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:dwg_trueview:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:dwg_trueview:2023:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "DWG TrueView", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:realdwg:2025:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "RealDWG", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A maliciously crafted DXF file when parsed in acdb25.dll through Autodesk AutoCAD can force to access a variable prior to initialization. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.", }, ], value: "A maliciously crafted DXF file when parsed in acdb25.dll through Autodesk AutoCAD can force to access a variable prior to initialization. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.", }, ], impacts: [ { capecId: "CAPEC-100", descriptions: [ { lang: "en", value: "CAPEC-100 Overflow Buffers", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-908", description: "CWE-908 Use of Uninitialized Resource", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-28T15:58:25.927Z", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0021", }, ], source: { discovery: "UNKNOWN", }, title: "Autodesk AutoCAD DXF File Parsing Unitialized Variable Code Execution Vulnerability", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2024-8896", datePublished: "2024-10-29T21:43:11.437Z", dateReserved: "2024-09-16T14:34:49.668Z", dateUpdated: "2025-04-28T15:58:25.927Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-11608
Vulnerability from cvelistv5
Published
2024-12-09 17:53
Modified
2025-01-28 20:13
Severity ?
EPSS score ?
Summary
A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:autodesk:revit:2025:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "revit", vendor: "autodesk", versions: [ { status: "affected", version: "2025", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-11608", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-09T18:03:53.476189Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-09T18:05:18.311Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpe: [ "cpe:2.3:a:autodesk:revit:2025:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Revit", vendor: "Autodesk", versions: [ { lessThan: "2025.4", status: "affected", version: "2025", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.<br>", }, ], value: "A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.", }, ], impacts: [ { capecId: "CAPEC-100", descriptions: [ { lang: "en", value: "CAPEC-100 Overflow Buffers", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122 Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-28T20:13:19.044Z", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { url: "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0026", }, ], source: { discovery: "EXTERNAL", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2024-11608", datePublished: "2024-12-09T17:53:18.804Z", dateReserved: "2024-11-21T20:20:48.343Z", dateUpdated: "2025-01-28T20:13:19.044Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-11268
Vulnerability from cvelistv5
Published
2024-12-09 17:42
Modified
2025-01-28 20:12
Severity ?
EPSS score ?
Summary
A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash or could lead to an arbitrary memory leak.
References
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-11268", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-12-09T18:07:50.635674Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-09T18:07:57.640Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpe: [ "cpe:2.3:a:autodesk:revit:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:revit:2024:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Revit", vendor: "Autodesk", versions: [ { lessThan: "2025.4", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.3.1", status: "affected", version: "2024", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash or could lead to an arbitrary memory leak.<br><br><br><br>", }, ], value: "A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash or could lead to an arbitrary memory leak.", }, ], impacts: [ { capecId: "CAPEC-100", descriptions: [ { lang: "en", value: "CAPEC-100 Overflow Buffers", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-28T20:12:08.567Z", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { url: "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0024", }, ], source: { discovery: "EXTERNAL", }, title: "PDF File Parsing Vulnerability in Autodesk Revit", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2024-11268", datePublished: "2024-12-09T17:42:15.362Z", dateReserved: "2024-11-15T17:53:44.142Z", dateUpdated: "2025-01-28T20:12:08.567Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-40165
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-04 02:27
Severity ?
EPSS score ?
Summary
A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T02:27:31.537Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D", vendor: "n/a", versions: [ { status: "affected", version: "2022, 2021, 2020, 2019", }, ], }, ], descriptions: [ { lang: "en", value: "A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.", }, ], problemTypes: [ { descriptions: [ { description: "Buffer Overflow", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-07T00:00:00", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011", }, ], }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2021-40165", datePublished: "2022-10-07T00:00:00", dateReserved: "2021-08-27T00:00:00", dateUpdated: "2024-08-04T02:27:31.537Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-25004
Vulnerability from cvelistv5
Published
2023-06-27 00:00
Modified
2024-12-05 14:40
Severity ?
EPSS score ?
Summary
A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities. Exploitation of these vulnerabilities may lead to code execution.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Autodesk products |
Version: 2023, 2022, 2021, 2020 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T11:11:43.391Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-25004", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-05T14:39:57.188378Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-05T14:40:18.983Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Autodesk products", vendor: "n/a", versions: [ { status: "affected", version: "2023, 2022, 2021, 2020", }, ], }, ], descriptions: [ { lang: "en", value: "A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities. Exploitation of these vulnerabilities may lead to code execution.", }, ], problemTypes: [ { descriptions: [ { description: "Integer Overflow", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-27T00:00:00", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009", }, ], }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2023-25004", datePublished: "2023-06-27T00:00:00", dateReserved: "2023-02-01T00:00:00", dateUpdated: "2024-12-05T14:40:18.983Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-40160
Vulnerability from cvelistv5
Published
2021-12-23 18:31
Modified
2024-08-04 02:27
Severity ?
EPSS score ?
Summary
PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010 | x_refsource_MISC |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T02:27:31.871Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Revit, Navisworks, Autodesk® Advance Steel, AutoCAD®, AutoCAD® Architecture, AutoCAD® Electrical, AutoCAD® Map 3D, AutoCAD® Mechanical, AutoCAD® MEP, AutoCAD® Plant 3D, AutoCAD® LT, Autodesk® Civil 3D, AutoCAD® Mac, AutoCAD® LT for Mac", vendor: "n/a", versions: [ { status: "affected", version: "prior to 9.0.7", }, ], }, ], descriptions: [ { lang: "en", value: "PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code.", }, ], problemTypes: [ { descriptions: [ { description: "Out-of-bound Read Vulnerability", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-18T16:20:48", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@autodesk.com", ID: "CVE-2021-40160", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Revit, Navisworks, Autodesk® Advance Steel, AutoCAD®, AutoCAD® Architecture, AutoCAD® Electrical, AutoCAD® Map 3D, AutoCAD® Mechanical, AutoCAD® MEP, AutoCAD® Plant 3D, AutoCAD® LT, Autodesk® Civil 3D, AutoCAD® Mac, AutoCAD® LT for Mac", version: { version_data: [ { version_value: "prior to 9.0.7", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Out-of-bound Read Vulnerability", }, ], }, ], }, references: { reference_data: [ { name: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010", refsource: "MISC", url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2021-40160", datePublished: "2021-12-23T18:31:31", dateReserved: "2021-08-27T00:00:00", dateUpdated: "2024-08-04T02:27:31.871Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-11454
Vulnerability from cvelistv5
Published
2024-12-09 17:48
Modified
2025-01-28 20:12
Severity ?
EPSS score ?
Summary
A maliciously crafted DLL file, when placed in the same directory as an RVT file could be loaded by Autodesk Revit, and execute arbitrary code in the context of the current process due to an untrusted search patch being utilized.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:autodesk:revit:2025:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "revit", vendor: "autodesk", versions: [ { status: "affected", version: "2025", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-11454", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-09T18:05:41.484045Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-09T18:07:39.304Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpe: [ "cpe:2.3:a:autodesk:revit:2025:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Revit", vendor: "Autodesk", versions: [ { lessThan: "2025.4", status: "affected", version: "2025", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">A maliciously crafted DLL file, when placed in the same directory as an RVT file could be loaded by Autodesk Revit, and execute arbitrary code in the context of the current process due to an untrusted search patch being utilized.</span></span><br>", }, ], value: "A maliciously crafted DLL file, when placed in the same directory as an RVT file could be loaded by Autodesk Revit, and execute arbitrary code in the context of the current process due to an untrusted search patch being utilized.", }, ], impacts: [ { capecId: "CAPEC-471", descriptions: [ { lang: "en", value: "CAPEC-471 Search Order Hijacking", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-426", description: "CWE-426 Untrusted Search Path", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-28T20:12:42.999Z", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { url: "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0025", }, ], source: { discovery: "EXTERNAL", }, title: "Untrusted Search Path vulnerability in Autodesk Revit", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2024-11454", datePublished: "2024-12-09T17:48:30.983Z", dateReserved: "2024-11-19T20:14:29.710Z", dateUpdated: "2025-01-28T20:12:42.999Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-40161
Vulnerability from cvelistv5
Published
2021-12-23 18:31
Modified
2024-08-04 02:27
Severity ?
EPSS score ?
Summary
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010 | x_refsource_MISC |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T02:27:31.589Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Revit, Navisworks, Autodesk® Advance Steel, AutoCAD®, AutoCAD® Architecture, AutoCAD® Electrical, AutoCAD® Map 3D, AutoCAD® Mechanical, AutoCAD® MEP, AutoCAD® Plant 3D, AutoCAD® LT, Autodesk® Civil 3D, AutoCAD® Mac, AutoCAD® LT for Mac", vendor: "n/a", versions: [ { status: "affected", version: "prior to 9.0.7", }, ], }, ], descriptions: [ { lang: "en", value: "A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version.", }, ], problemTypes: [ { descriptions: [ { description: "Memory Corruption Vulnerability", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-18T16:20:49", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@autodesk.com", ID: "CVE-2021-40161", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Revit, Navisworks, Autodesk® Advance Steel, AutoCAD®, AutoCAD® Architecture, AutoCAD® Electrical, AutoCAD® Map 3D, AutoCAD® Mechanical, AutoCAD® MEP, AutoCAD® Plant 3D, AutoCAD® LT, Autodesk® Civil 3D, AutoCAD® Mac, AutoCAD® LT for Mac", version: { version_data: [ { version_value: "prior to 9.0.7", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Memory Corruption Vulnerability", }, ], }, ], }, references: { reference_data: [ { name: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010", refsource: "MISC", url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2021-40161", datePublished: "2021-12-23T18:31:43", dateReserved: "2021-08-27T00:00:00", dateUpdated: "2024-08-04T02:27:31.589Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-1273
Vulnerability from cvelistv5
Published
2025-04-15 20:56
Modified
2025-04-25 14:41
Severity ?
EPSS score ?
Summary
A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-1273", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-04-17T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-18T03:55:33.632Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpe: [ "cpe:2.3:a:autodesk:revit:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:revit:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:revit:2023:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Revit", vendor: "Autodesk", versions: [ { lessThan: "2025.4.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.3.2", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.<br>", }, ], value: "A maliciously crafted PDF file, when linked or imported into Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.", }, ], impacts: [ { capecId: "CAPEC-100", descriptions: [ { lang: "en", value: "CAPEC-100 Overflow Buffers", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122 Heap-Based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-25T14:41:06.769Z", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0003", }, ], source: { discovery: "EXTERNAL", }, title: "PDF File Parsing Heap-Based Overflow Vulnerability", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2025-1273", datePublished: "2025-04-15T20:56:04.970Z", dateReserved: "2025-02-13T15:16:28.058Z", dateUpdated: "2025-04-25T14:41:06.769Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-9996
Vulnerability from cvelistv5
Published
2024-10-29 21:45
Modified
2025-04-28 16:04
Severity ?
EPSS score ?
Summary
A maliciously crafted DWG file, when parsed in acdb25.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Autodesk | AutoCAD |
Version: 2025 < 2025.1.1 Version: 2024 < 2024.1.7 Version: 2023 < 2023.1.7 Version: 2022 < 2022.1.6 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-9996", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-30T13:51:30.961199Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-30T15:01:08.447Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpe: [ "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_lt:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_lt:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_lt:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_lt:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD LT", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD Architecture", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD Electrical", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD MAP 3D", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD Mechanical", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD MEP", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD Plant 3D", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:civil_3d:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Civil 3D", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Advance Steel", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, { lessThan: "2022.1.6", status: "affected", version: "2022", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:dwg_trueview:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:dwg_trueview:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:dwg_trueview:2023:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "DWG TrueView", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:realdwg:2025:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "RealDWG", vendor: "Autodesk", versions: [ { lessThan: "2025.1.1", status: "affected", version: "2025", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A maliciously crafted DWG file, when parsed in acdb25.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.", }, ], value: "A maliciously crafted DWG file, when parsed in acdb25.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.", }, ], impacts: [ { capecId: "CAPEC-100", descriptions: [ { lang: "en", value: "CAPEC-100 Overflow Buffers", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-Bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-28T16:04:07.807Z", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0021", }, ], source: { discovery: "UNKNOWN", }, title: "Autodesk AutoCAD DWG File Parsing Out-Of-Bounds Write Code Execution Vulnerability", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2024-9996", datePublished: "2024-10-29T21:45:17.527Z", dateReserved: "2024-10-15T13:39:36.931Z", dateUpdated: "2025-04-28T16:04:07.807Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-1275
Vulnerability from cvelistv5
Published
2025-04-15 20:54
Modified
2025-04-25 14:40
Severity ?
EPSS score ?
Summary
A maliciously crafted JPG file, when linked or imported into certain Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Autodesk | Revit |
Version: 2025 < 2025.4.1 Version: 2024 < 2024.3.2 Version: 2023 < 2023.1.7 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-1275", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-04-17T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-18T03:55:30.759Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpe: [ "cpe:2.3:a:autodesk:revit:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:revit:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:revit:2023:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Revit", vendor: "Autodesk", versions: [ { lessThan: "2025.4.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.3.2", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD", vendor: "Autodesk", versions: [ { lessThan: "2025.1.2", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD Architecture", vendor: "Autodesk", versions: [ { lessThan: "2025.1.2", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD Electrical", vendor: "Autodesk", versions: [ { lessThan: "2025.1.2", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD Mechanical", vendor: "Autodesk", versions: [ { lessThan: "2025.1.2", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD MEP", vendor: "Autodesk", versions: [ { lessThan: "2025.1.2", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD Plant 3D", vendor: "Autodesk", versions: [ { lessThan: "2025.1.2", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Civil 3D", vendor: "Autodesk", versions: [ { lessThan: "2025.1.2", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Advance Steel", vendor: "Autodesk", versions: [ { lessThan: "2025.1.2", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD MAP 3D", vendor: "Autodesk", versions: [ { lessThan: "2025.1.2", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:autocad_lt:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_lt:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:autocad_lt:2023:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "AutoCAD LT", vendor: "Autodesk", versions: [ { lessThan: "2025.1.2", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, ], }, { cpe: [ "cpe:2.3:a:autodesk:dwg_trueview:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:dwg_trueview:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:dwg_trueview:2023:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "DWG TrueView", vendor: "Autodesk", versions: [ { lessThan: "2025.1.2", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.1.7", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A maliciously crafted JPG file, when linked or imported into certain Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.<br>", }, ], value: "A maliciously crafted JPG file, when linked or imported into certain Autodesk applications, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.", }, ], impacts: [ { capecId: "CAPEC-100", descriptions: [ { lang: "en", value: "CAPEC-100 Overflow Buffers", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122 Heap-Based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-25T14:40:25.842Z", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0006", }, ], source: { discovery: "EXTERNAL", }, title: "JPG File Parsing Heap-Based Overflow Vulnerability", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2025-1275", datePublished: "2025-04-15T20:54:30.139Z", dateReserved: "2025-02-13T15:16:30.397Z", dateUpdated: "2025-04-25T14:40:25.842Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-27871
Vulnerability from cvelistv5
Published
2022-06-21 14:23
Modified
2024-08-03 05:41
Severity ?
EPSS score ?
Summary
Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. This vulnerability may be exploited to execute arbitrary code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0011 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Autodesk AutoCAD product suite, Revit, Design Review and Navisworks |
Version: 2022, 2021, 2020,2019 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:41:10.620Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0011", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Autodesk AutoCAD product suite, Revit, Design Review and Navisworks", vendor: "n/a", versions: [ { status: "affected", version: "2022, 2021, 2020,2019", }, ], }, ], descriptions: [ { lang: "en", value: "Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. This vulnerability may be exploited to execute arbitrary code.", }, ], problemTypes: [ { descriptions: [ { description: "Heap-based Buffer Overflow vul", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-06-21T14:23:33", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0011", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@autodesk.com", ID: "CVE-2022-27871", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Autodesk AutoCAD product suite, Revit, Design Review and Navisworks", version: { version_data: [ { version_value: "2022, 2021, 2020,2019", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. This vulnerability may be exploited to execute arbitrary code.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Heap-based Buffer Overflow vul", }, ], }, ], }, references: { reference_data: [ { name: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0011", refsource: "MISC", url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0011", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2022-27871", datePublished: "2022-06-21T14:23:33", dateReserved: "2022-03-25T00:00:00", dateUpdated: "2024-08-03T05:41:10.620Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-1277
Vulnerability from cvelistv5
Published
2025-04-15 20:57
Modified
2025-04-25 14:40
Severity ?
EPSS score ?
Summary
A maliciously crafted PDF file, when parsed through Autodesk applications, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
References
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-1277", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-04-17T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-18T03:55:36.516Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpe: [ "cpe:2.3:a:autodesk:revit:2025:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:revit:2024:*:*:*:*:*:*:*", "cpe:2.3:a:autodesk:revit:2023:*:*:*:*:*:*:*", ], defaultStatus: "unaffected", product: "Revit", vendor: "Autodesk", versions: [ { lessThan: "2025.4.1", status: "affected", version: "2025", versionType: "custom", }, { lessThan: "2024.3.2", status: "affected", version: "2024", versionType: "custom", }, { lessThan: "2023.1.7", status: "affected", version: "2023", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A maliciously crafted PDF file, when parsed through Autodesk applications, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.<br>", }, ], value: "A maliciously crafted PDF file, when parsed through Autodesk applications, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.", }, ], impacts: [ { capecId: "CAPEC-100", descriptions: [ { lang: "en", value: "CAPEC-100 Overflow Buffers", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-120", description: "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-25T14:40:02.735Z", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0003", }, ], source: { discovery: "EXTERNAL", }, title: "PDF File Parsing Memory Corruption Vulnerability", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2025-1277", datePublished: "2025-04-15T20:57:04.021Z", dateReserved: "2025-02-13T15:16:32.655Z", dateUpdated: "2025-04-25T14:40:02.735Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2022-10-07 18:15
Modified
2024-11-21 06:23
Severity ?
Summary
A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", matchCriteriaId: "B0E84020-F179-4AF3-BF9C-6D27259B2847", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", matchCriteriaId: "87941CE7-7F89-4A09-BBE8-A0D829273A63", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", matchCriteriaId: "6F98B75B-1471-42A7-BCDA-95F7E65B7FD1", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", matchCriteriaId: "2C5F50DF-4792-4A29-BB21-5821CA5E3A22", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", matchCriteriaId: "183990CB-4AA2-4EEE-8A14-8BF3AD203347", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", matchCriteriaId: "4A416E4B-0910-45FB-B468-A6D159C6FD11", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", matchCriteriaId: "7A873E71-BC29-43BC-AFB2-98C06AE29F3B", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", matchCriteriaId: "ED3A19CA-3D6A-42D6-86C5-6B4E494064FF", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", matchCriteriaId: "C9338B09-BCD8-4E67-A331-1B8D5FB5DA24", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", matchCriteriaId: "F616B84F-B471-43B9-BC5D-BA6CCE461F56", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", matchCriteriaId: "AD0B37E9-4987-4B96-9B31-6168961E1496", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", matchCriteriaId: "E9466EE6-83C9-492F-8486-F3E6C1DD9F5A", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "20371433-EA59-442E-947A-CF0A6AFD750C", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "AF176D9D-1FAE-42DA-B03C-5A3E66408D52", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "FD0CB6CF-53F6-4FED-8BE5-F3E31832237F", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "145CD700-BC3E-4F2B-82ED-FA51A0296C67", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", matchCriteriaId: "86CF88E0-A49D-4528-8135-6BE5C9E5DD7C", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", matchCriteriaId: "E716111F-273B-48DF-ADEA-44BADE5E7FEB", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", matchCriteriaId: "71FA0271-BE55-48AD-B88D-34645684E9DE", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", matchCriteriaId: "6DD91E39-A3D8-4806-A778-608FD6C29BB2", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", matchCriteriaId: "77A1562A-07B8-4130-B319-1BE2800D8771", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", matchCriteriaId: "0E59ACB5-8745-46A8-889E-005DEA38925B", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:*", matchCriteriaId: "8FB94403-A063-4BDB-BE35-E198BF128709", versionEndExcluding: "2020.3.2", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", matchCriteriaId: "CFFE146F-4AB2-45B2-9F87-52DD8DC26B85", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:*", matchCriteriaId: "06B6CA6F-48E9-4A48-B1A2-7537DCE9939E", versionEndExcluding: "2021.2.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", matchCriteriaId: "D01E3771-86FD-483D-BCCB-1B1CDD4C482F", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:*", matchCriteriaId: "EEC464C9-D741-41B4-B460-B4305BCD83FA", versionEndExcluding: "2022.2.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "230F8974-9613-4B58-8621-67CCE81E208C", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "D9184783-2476-4ED0-9F05-CA2AC68446B3", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "752B8F1C-54E3-4985-97A4-86FBF13E6BFD", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "120326C3-E212-4341-A25D-BC3DD50CF228", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", matchCriteriaId: "AF0FCE36-8A0F-4CDB-86B3-D8F7875511FD", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", matchCriteriaId: "5BAA6D71-2B11-4490-A1C4-652347582EF6", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", matchCriteriaId: "6F78C528-605C-46F3-8CF0-828B682745B3", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", matchCriteriaId: "B117299A-C5FE-419F-9C1C-DF58A2772055", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", matchCriteriaId: "1075AC6C-C9E1-45EA-B371-B06235C6AA86", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", matchCriteriaId: "CBC04C9D-9E69-4CB7-BF7A-D3B8C0670114", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", matchCriteriaId: "8E140DC9-7000-48ED-A5C7-B23023DFB199", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", matchCriteriaId: "CC178212-E440-46E9-9F00-60A5516D4D72", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "C71A1AD7-4651-4FA9-9114-023E07DCB285", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "C2A2E5FC-9717-47C1-A223-F90DC572DAB0", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "984491F0-8303-4C6C-B884-00C032D797DD", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "7ED0DB1D-6F37-4C1B-B55E-42F3A4E34299", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:design_review:2018:-:*:*:*:*:*:*", matchCriteriaId: "213232B9-A40B-436D-A66A-B65C49D59BE6", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:design_review:2018:hotfix:*:*:*:*:*:*", matchCriteriaId: "2D0CF4DC-ACA5-41D0-B28E-CEB5D2C96F71", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:design_review:2018:hotfix2:*:*:*:*:*:*", matchCriteriaId: "84ED1789-A17F-48F7-A152-09D2A5C59254", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:design_review:2018:hotfix3:*:*:*:*:*:*", matchCriteriaId: "74819924-EB63-4BBF-9986-FEF6100EEE15", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:*", matchCriteriaId: "3FB6CD03-F783-49F7-A9D2-C97C642E8B29", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:*", matchCriteriaId: "7E9DF065-576B-46B8-9F64-A16D9CB25398", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:*", matchCriteriaId: "631D559D-B4CB-4D6A-93A7-94C0CA9C232B", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:*", matchCriteriaId: "713BBAEC-BE6D-40BC-9FB3-EBB906FB09BA", versionEndExcluding: "2022.1.1", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:fusion:*:*:*:*:*:*:*:*", matchCriteriaId: "2E6ACCB8-A327-484D-A542-9BC30BA4554A", versionEndExcluding: "2.0.11405", versionStartIncluding: "2.0.10356", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infrastructure_parts_editor:*:*:*:*:*:*:*:*", matchCriteriaId: "8F3054F1-0ED3-4C71-90E0-764EC5757F6B", versionEndExcluding: "2019.2.2", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infrastructure_parts_editor:*:*:*:*:*:*:*:*", matchCriteriaId: "27BA9C22-0044-429D-AD68-C040DF0E1E34", versionEndExcluding: "2020.0.2", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infrastructure_parts_editor:2021:*:*:*:*:*:*:*", matchCriteriaId: "C59A098D-F778-49BB-8B02-61DFA956D456", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infrastructure_parts_editor:2022:*:*:*:*:*:*:*", matchCriteriaId: "829ACB24-271D-440F-8723-FDAE2430373E", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:*:*:*:*:*:*:*:*", matchCriteriaId: "36D46284-4E2E-4C56-B830-3C786D5A238F", versionEndExcluding: "2019.3", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:*:*:*:*:*:*:*:*", matchCriteriaId: "180513CE-CEC1-4FF7-B1CB-03835D6B8797", versionEndExcluding: "2020.2", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:*:*:*:*:*:*:*:*", matchCriteriaId: "FE68AFE1-0F44-4B37-87E5-C7D658186425", versionEndExcluding: "2021.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2019.3:-:*:*:*:*:*:*", matchCriteriaId: "6974FEA3-2CDE-438D-A153-372A20E0338A", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2019.3:hotfix_1:*:*:*:*:*:*", matchCriteriaId: "3D85361A-B19D-444A-A075-73DF234C081B", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2019.3:hotfix_2:*:*:*:*:*:*", matchCriteriaId: "8F7898E8-E540-4775-943C-26A4A7A7BA60", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2019.3:hotfix_3:*:*:*:*:*:*", matchCriteriaId: "5C6290F4-E5E6-4146-982E-9CB0FC693B5C", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2020.2:-:*:*:*:*:*:*", matchCriteriaId: "9A3FB713-593D-4CF4-97EE-10498DF3B008", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2020.2:hotfix_1:*:*:*:*:*:*", matchCriteriaId: "1AF37BF8-1921-4D94-89D3-7890F2DA7048", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2020.2:hotfix_2:*:*:*:*:*:*", matchCriteriaId: "7A1EAD58-4213-4340-9019-543A223C155D", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2021.2:-:*:*:*:*:*:*", matchCriteriaId: "E8799159-8E69-4463-96D9-920E64A675B4", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_1:*:*:*:*:*:*", matchCriteriaId: "DDAE8B1C-5799-4FCB-AA1F-E01C72C545B1", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_2:*:*:*:*:*:*", matchCriteriaId: "BAB28476-5965-441D-AAEF-F76F7C599F3F", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2022.0:-:*:*:*:*:*:*", matchCriteriaId: "23B89172-71E0-482F-ABD9-E640EE18E1B4", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2022.0:hotfix_1:*:*:*:*:*:*", matchCriteriaId: "C7E432F3-925E-4120-9568-F679302A26B2", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2022.1:*:*:*:*:*:*:*", matchCriteriaId: "CA85576C-0D0E-4724-AC3F-0FCB9B4F7D2E", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:*", matchCriteriaId: "CE08EFFE-4D11-4CFD-A013-4ABEB5D8D36F", versionEndExcluding: "2019.6", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:*", matchCriteriaId: "72B1AA4E-8E9C-40C3-9402-92B64BE19D83", versionEndExcluding: "2020.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:*", matchCriteriaId: "400ADD0C-F69C-41DF-B682-5DE90B2BC142", versionEndExcluding: "2021.4", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:*", matchCriteriaId: "D53B7E4C-4F2E-428D-A6CB-D4F2FB5865B0", versionEndExcluding: "2022.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*", matchCriteriaId: "EA8C5795-C1E7-4E84-BAFD-A2F16DCD0B51", versionEndExcluding: "2019.7", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*", matchCriteriaId: "DC07E959-8A9E-448D-9E4F-EF7D41C4B1A7", versionEndExcluding: "2020.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*", matchCriteriaId: "DD6A1944-2576-406F-8010-9080C68654D5", versionEndExcluding: "2021.4", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*", matchCriteriaId: "7AAFCE8D-C6FA-4179-BBD8-134F91261FEC", versionEndExcluding: "2022.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*", matchCriteriaId: "34EEF338-800E-4350-BC57-815A4AC19523", versionEndExcluding: "2019.2.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*", matchCriteriaId: "655285C9-9DBC-4DA3-8A53-7D87A2CFFBF7", versionEndExcluding: "2020.2.6", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*", matchCriteriaId: "81E7B898-A0C4-4458-8389-3310A2A889AE", versionEndExcluding: "2021.1.5", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:revit:2022:*:*:*:*:*:*:*", matchCriteriaId: "70FD96A0-AC16-4E51-B4C1-6BB14C2D905A", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:storm_and_sanitary_analysis:*:*:*:*:*:*:*:*", matchCriteriaId: "A7FDF255-2066-4115-83BC-D38DD09A8E6A", versionEndExcluding: "2020.3.1", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:storm_and_sanitary_analysis:*:*:*:*:*:*:*:*", matchCriteriaId: "C2591CF9-EA06-4EEC-9A13-80CE6864C08A", versionEndExcluding: "2021.3.1", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:storm_and_sanitary_analysis:2019:*:*:*:*:*:*:*", matchCriteriaId: "9AC1FC52-ACBC-4119-B42E-0297375B4522", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:storm_and_sanitary_analysis:2022:*:*:*:*:*:*:*", matchCriteriaId: "AEAA2573-ABD3-4379-ADBE-A0508D2D38EF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.", }, { lang: "es", value: "Los archivos TIF, PICT, TGA o RLC diseñados de forma maliciosa en el componente de procesamiento de imágenes de Autodesk pueden ser forzados a leer más allá de los límites asignados cuando son analizados los archivos TIFF, PICT, TGA o RLC. Esta vulnerabilidad puede ser explotada para ejecutar código arbitrario", }, ], id: "CVE-2021-40162", lastModified: "2024-11-21T06:23:42.010", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-10-07T18:15:14.383", references: [ { source: "psirt@autodesk.com", tags: [ "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011", }, ], sourceIdentifier: "psirt@autodesk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-08-21 10:15
Modified
2024-08-23 16:57
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted DWG file, when parsed in Revit, can force a stack-based buffer overflow. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@autodesk.com | https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0013 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:revit:2022:*:*:*:*:*:*:*", matchCriteriaId: "70FD96A0-AC16-4E51-B4C1-6BB14C2D905A", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:revit:2023:*:*:*:*:*:*:*", matchCriteriaId: "2F75A973-839F-4BD0-8603-07AEF3F12476", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:revit:2024:*:*:*:*:*:*:*", matchCriteriaId: "1F8E8074-7FA0-4257-9DF9-00B0A37D1F92", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:revit:2025:*:*:*:*:*:*:*", matchCriteriaId: "99EC6432-EAE3-4759-A4AF-34B61818EB0E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A maliciously crafted DWG file, when parsed in Revit, can force a stack-based buffer overflow. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.", }, { lang: "es", value: "Un archivo DWG creado con fines malintencionados, al analizarse en Revit, puede provocar un desbordamiento del búfer basado en la pila. Un actor malintencionado puede aprovechar esta vulnerabilidad para ejecutar código arbitrario en el contexto del proceso actual.", }, ], id: "CVE-2024-37008", lastModified: "2024-08-23T16:57:34.547", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "psirt@autodesk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-08-21T10:15:05.037", references: [ { source: "psirt@autodesk.com", tags: [ "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0013", }, ], sourceIdentifier: "psirt@autodesk.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@autodesk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-27 19:15
Modified
2024-11-21 07:56
Severity ?
Summary
A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities. These vulnerabilities in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:alias:*:*:*:*:*:*:*:*", matchCriteriaId: "19760052-9480-46D8-B5A3-7F6FE3F74ED6", versionEndExcluding: "2023.1.1", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", matchCriteriaId: "5269098B-1C20-4754-99F9-0A6B97E1490D", versionEndExcluding: "2020.1.6", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", matchCriteriaId: "00EACCCC-CD89-490B-BBC1-F06EA6867AFD", versionEndExcluding: "2021.1.3", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", matchCriteriaId: "5829F52D-F61C-4B79-B724-3388B1B1723A", versionEndExcluding: "2022.1.3", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", matchCriteriaId: "70C48E66-DF91-4F0B-B93D-F6372BFC55C9", versionEndExcluding: "2023.1.1", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", matchCriteriaId: "B85E0DDB-60A9-4AEA-BAA3-34E8DF25BF96", versionEndExcluding: "2020.1.6", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", matchCriteriaId: "179FB815-E469-42A1-91CB-B766891C7552", versionEndExcluding: "2021.1.3", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", matchCriteriaId: "CCB04040-8C83-4381-B762-61F0ED8C8CC0", versionEndExcluding: "2022.1.3", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", matchCriteriaId: "57C7CD03-53D7-4224-82AE-F7CD929E3F92", versionEndExcluding: "2023.1.1", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", matchCriteriaId: "05FD0056-F524-4475-BB41-0A4CC6E7A3EA", versionEndExcluding: "2020.1.6", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", matchCriteriaId: "ADE81778-A65F-4A23-BDAC-AC28434E0887", versionEndExcluding: "2021.1.3", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", matchCriteriaId: "D042F7CF-2694-437E-B60A-4C324EBAB1F0", versionEndExcluding: "2022.1.3", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", matchCriteriaId: "DF68C32D-7015-4513-BEB2-2CFD08DC799B", versionEndExcluding: "2023.1.1", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "C5FC936E-91AC-4810-9A34-7384096A4922", versionEndExcluding: "2020.1.6", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "D284FACA-DB0C-4182-96B7-F46EE28B0C54", versionEndExcluding: "2021.1.3", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "5A628855-3BE7-4B40-AFB7-7819CBD88D21", versionEndExcluding: "2022.1.3", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "A42B62B9-0ABA-4BE8-9115-6E633664FCE6", versionEndExcluding: "2023.1.1", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", matchCriteriaId: "6A46B444-4436-4101-ABF8-DCF3F4E75D18", versionEndExcluding: "2020.1.6", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", matchCriteriaId: "E8994887-8E6A-4F6D-8A52-AB676E251B9F", versionEndExcluding: "2021.1.3", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", matchCriteriaId: "731F5891-D398-49AE-BA04-179D9FD18ED2", versionEndExcluding: "2022.1.3", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", matchCriteriaId: "E009D956-E27B-435B-A308-9279A7DA2087", versionEndExcluding: "2023.1.1", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", matchCriteriaId: "07A37B8B-7345-463B-A074-D8C2F242A311", versionEndExcluding: "2020.1.6", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", matchCriteriaId: "85F1017C-4552-4A97-B911-8785EF5DC9A6", versionEndExcluding: "2021.1.3", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", matchCriteriaId: "0982CCA5-8834-43D7-8596-F330D7A0A52B", versionEndExcluding: "2022.1.3", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", matchCriteriaId: "B937A033-FDA2-461E-8697-2341A9DE23DB", versionEndExcluding: "2023.1.1", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "A971D35C-8570-48E2-A6A6-0B2B5966BA56", versionEndExcluding: "2020.1.6", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "4C0FA7D7-85D0-4E32-950E-1DE6D0C4342C", versionEndExcluding: "2021.1.3", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "6FABCBE5-BF7B-4D2E-A886-8D38B3B82872", versionEndExcluding: "2022.1.3", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "19A43BB0-22A6-4715-B556-1DE7CDCAF616", versionEndExcluding: "2023.1.1", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", matchCriteriaId: "CF5BB84E-2F7B-4CC5-81F2-884562C1A18A", versionEndExcluding: "2020.1.6", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", matchCriteriaId: "3E60EF97-0AA1-480F-B03E-26709C58030F", versionEndExcluding: "2021.1.3", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", matchCriteriaId: "EC2B3E51-4AAD-4A1E-951D-6428A0C8D6BA", versionEndExcluding: "2022.1.3", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", matchCriteriaId: "DE681603-E303-4759-B301-37BACF233C76", versionEndExcluding: "2023.1.1", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", matchCriteriaId: "29A021AB-AFB3-473C-8111-AB0C9D10C805", versionEndExcluding: "2020.1.6", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", matchCriteriaId: "48F4A0E1-8004-40DF-8700-35B6BE99F3C0", versionEndExcluding: "2021.1.3", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", matchCriteriaId: "D1456E3E-3B38-42E2-96FE-B14361E30CB2", versionEndExcluding: "2022.1.3", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", matchCriteriaId: "E9601144-D1E1-4F8A-A6C0-447E17F14337", versionEndExcluding: "2023.1.1", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "2AA1C57D-9B7E-438B-AD71-784F29B8A185", versionEndExcluding: "2020.1.6", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "21BE9909-DAA0-4A7C-8AAA-42A984FA0AF0", versionEndExcluding: "2021.1.3", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "74942A53-8D7E-4706-B9C3-EB1C03488684", versionEndExcluding: "2022.1.3", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "4B95D329-E683-4128-8FC4-300CA974F1F1", versionEndExcluding: "2023.1.1", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:*:*:*:*:*:*:*:*", matchCriteriaId: "FE68AFE1-0F44-4B37-87E5-C7D658186425", versionEndExcluding: "2021.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:*:*:*:*:*:*:*:*", matchCriteriaId: "089B7B95-60DC-44AD-A3A8-0F4844CEFB22", versionEndExcluding: "2022.1", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:*:*:*:*:*:*:*:*", matchCriteriaId: "1F89B484-5A9E-4C22-A9F7-976EF556C08A", versionEndExcluding: "2023.1", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:*", matchCriteriaId: "DB97A508-D0AC-47D2-8CA3-156063FFC136", versionEndExcluding: "2021.5", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:*", matchCriteriaId: "D35916C1-A782-42AC-B4D4-4131D8F430C3", versionEndExcluding: "2022.4", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:*", matchCriteriaId: "7A104E6A-8018-4F7F-ADBB-C1F3B29E4F8A", versionEndExcluding: "2023.3.1", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:maya_usd:*:*:*:*:*:*:*:*", matchCriteriaId: "8389D668-78CB-4CF9-85E0-E37A10D35698", versionEndExcluding: "2022.5", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:maya_usd:*:*:*:*:*:*:*:*", matchCriteriaId: "35B34667-2549-4EEE-B4F6-930DF7A7A8EA", versionEndExcluding: "2023.3", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*", matchCriteriaId: "BB7E7583-0389-4959-B08E-BA433A32A84C", versionEndExcluding: "2022.4", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*", matchCriteriaId: "E32A04AB-5C19-4328-9240-5A030E904726", versionEndExcluding: "2023.2", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*", matchCriteriaId: "3392ACCC-079C-4AF8-A0A8-408711C9D094", versionEndExcluding: "2021.1.8", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:vred:*:*:*:*:*:*:*:*", matchCriteriaId: "CDF50B0E-69C5-4AD9-8C85-E695834E51BE", versionEndExcluding: "2023.4", versionStartIncluding: "2023", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities. These vulnerabilities in conjunction with other vulnerabilities could lead to code execution in the context of the current process.", }, ], id: "CVE-2023-29068", lastModified: "2024-11-21T07:56:29.737", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-06-27T19:15:09.457", references: [ { source: "psirt@autodesk.com", tags: [ "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009", }, ], sourceIdentifier: "psirt@autodesk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-10-07 18:15
Modified
2024-11-21 06:23
Severity ?
Summary
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", matchCriteriaId: "B0E84020-F179-4AF3-BF9C-6D27259B2847", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", matchCriteriaId: "87941CE7-7F89-4A09-BBE8-A0D829273A63", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", matchCriteriaId: "6F98B75B-1471-42A7-BCDA-95F7E65B7FD1", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", matchCriteriaId: "2C5F50DF-4792-4A29-BB21-5821CA5E3A22", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", matchCriteriaId: "183990CB-4AA2-4EEE-8A14-8BF3AD203347", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", matchCriteriaId: "4A416E4B-0910-45FB-B468-A6D159C6FD11", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", matchCriteriaId: "7A873E71-BC29-43BC-AFB2-98C06AE29F3B", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", matchCriteriaId: "ED3A19CA-3D6A-42D6-86C5-6B4E494064FF", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", matchCriteriaId: "C9338B09-BCD8-4E67-A331-1B8D5FB5DA24", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", matchCriteriaId: "F616B84F-B471-43B9-BC5D-BA6CCE461F56", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", matchCriteriaId: "AD0B37E9-4987-4B96-9B31-6168961E1496", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", matchCriteriaId: "E9466EE6-83C9-492F-8486-F3E6C1DD9F5A", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "20371433-EA59-442E-947A-CF0A6AFD750C", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "AF176D9D-1FAE-42DA-B03C-5A3E66408D52", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "FD0CB6CF-53F6-4FED-8BE5-F3E31832237F", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "145CD700-BC3E-4F2B-82ED-FA51A0296C67", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", matchCriteriaId: "86CF88E0-A49D-4528-8135-6BE5C9E5DD7C", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", matchCriteriaId: "E716111F-273B-48DF-ADEA-44BADE5E7FEB", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", matchCriteriaId: "71FA0271-BE55-48AD-B88D-34645684E9DE", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", matchCriteriaId: "6DD91E39-A3D8-4806-A778-608FD6C29BB2", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", matchCriteriaId: "77A1562A-07B8-4130-B319-1BE2800D8771", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", matchCriteriaId: "0E59ACB5-8745-46A8-889E-005DEA38925B", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:*", matchCriteriaId: "8FB94403-A063-4BDB-BE35-E198BF128709", versionEndExcluding: "2020.3.2", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", matchCriteriaId: "CFFE146F-4AB2-45B2-9F87-52DD8DC26B85", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:*", matchCriteriaId: "06B6CA6F-48E9-4A48-B1A2-7537DCE9939E", versionEndExcluding: "2021.2.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", matchCriteriaId: "D01E3771-86FD-483D-BCCB-1B1CDD4C482F", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:*", matchCriteriaId: "EEC464C9-D741-41B4-B460-B4305BCD83FA", versionEndExcluding: "2022.2.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "230F8974-9613-4B58-8621-67CCE81E208C", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "D9184783-2476-4ED0-9F05-CA2AC68446B3", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "752B8F1C-54E3-4985-97A4-86FBF13E6BFD", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "120326C3-E212-4341-A25D-BC3DD50CF228", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", matchCriteriaId: "AF0FCE36-8A0F-4CDB-86B3-D8F7875511FD", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", matchCriteriaId: "5BAA6D71-2B11-4490-A1C4-652347582EF6", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", matchCriteriaId: "6F78C528-605C-46F3-8CF0-828B682745B3", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", matchCriteriaId: "B117299A-C5FE-419F-9C1C-DF58A2772055", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", matchCriteriaId: "1075AC6C-C9E1-45EA-B371-B06235C6AA86", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", matchCriteriaId: "CBC04C9D-9E69-4CB7-BF7A-D3B8C0670114", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", matchCriteriaId: "8E140DC9-7000-48ED-A5C7-B23023DFB199", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", matchCriteriaId: "CC178212-E440-46E9-9F00-60A5516D4D72", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "C71A1AD7-4651-4FA9-9114-023E07DCB285", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "C2A2E5FC-9717-47C1-A223-F90DC572DAB0", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "984491F0-8303-4C6C-B884-00C032D797DD", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "7ED0DB1D-6F37-4C1B-B55E-42F3A4E34299", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:design_review:2018:-:*:*:*:*:*:*", matchCriteriaId: "213232B9-A40B-436D-A66A-B65C49D59BE6", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:design_review:2018:hotfix:*:*:*:*:*:*", matchCriteriaId: "2D0CF4DC-ACA5-41D0-B28E-CEB5D2C96F71", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:design_review:2018:hotfix2:*:*:*:*:*:*", matchCriteriaId: "84ED1789-A17F-48F7-A152-09D2A5C59254", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:design_review:2018:hotfix3:*:*:*:*:*:*", matchCriteriaId: "74819924-EB63-4BBF-9986-FEF6100EEE15", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:*", matchCriteriaId: "3FB6CD03-F783-49F7-A9D2-C97C642E8B29", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:*", matchCriteriaId: "7E9DF065-576B-46B8-9F64-A16D9CB25398", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:*", matchCriteriaId: "631D559D-B4CB-4D6A-93A7-94C0CA9C232B", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:*", matchCriteriaId: "713BBAEC-BE6D-40BC-9FB3-EBB906FB09BA", versionEndExcluding: "2022.1.1", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:fusion:*:*:*:*:*:*:*:*", matchCriteriaId: "2E6ACCB8-A327-484D-A542-9BC30BA4554A", versionEndExcluding: "2.0.11405", versionStartIncluding: "2.0.10356", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infrastructure_parts_editor:*:*:*:*:*:*:*:*", matchCriteriaId: "8F3054F1-0ED3-4C71-90E0-764EC5757F6B", versionEndExcluding: "2019.2.2", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infrastructure_parts_editor:*:*:*:*:*:*:*:*", matchCriteriaId: "27BA9C22-0044-429D-AD68-C040DF0E1E34", versionEndExcluding: "2020.0.2", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infrastructure_parts_editor:2021:*:*:*:*:*:*:*", matchCriteriaId: "C59A098D-F778-49BB-8B02-61DFA956D456", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infrastructure_parts_editor:2022:*:*:*:*:*:*:*", matchCriteriaId: "829ACB24-271D-440F-8723-FDAE2430373E", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:*:*:*:*:*:*:*:*", matchCriteriaId: "36D46284-4E2E-4C56-B830-3C786D5A238F", versionEndExcluding: "2019.3", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:*:*:*:*:*:*:*:*", matchCriteriaId: "180513CE-CEC1-4FF7-B1CB-03835D6B8797", versionEndExcluding: "2020.2", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:*:*:*:*:*:*:*:*", matchCriteriaId: "FE68AFE1-0F44-4B37-87E5-C7D658186425", versionEndExcluding: "2021.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2019.3:-:*:*:*:*:*:*", matchCriteriaId: "6974FEA3-2CDE-438D-A153-372A20E0338A", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2019.3:hotfix_1:*:*:*:*:*:*", matchCriteriaId: "3D85361A-B19D-444A-A075-73DF234C081B", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2019.3:hotfix_2:*:*:*:*:*:*", matchCriteriaId: "8F7898E8-E540-4775-943C-26A4A7A7BA60", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2019.3:hotfix_3:*:*:*:*:*:*", matchCriteriaId: "5C6290F4-E5E6-4146-982E-9CB0FC693B5C", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2020.2:-:*:*:*:*:*:*", matchCriteriaId: "9A3FB713-593D-4CF4-97EE-10498DF3B008", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2020.2:hotfix_1:*:*:*:*:*:*", matchCriteriaId: "1AF37BF8-1921-4D94-89D3-7890F2DA7048", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2020.2:hotfix_2:*:*:*:*:*:*", matchCriteriaId: "7A1EAD58-4213-4340-9019-543A223C155D", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2021.2:-:*:*:*:*:*:*", matchCriteriaId: "E8799159-8E69-4463-96D9-920E64A675B4", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_1:*:*:*:*:*:*", matchCriteriaId: "DDAE8B1C-5799-4FCB-AA1F-E01C72C545B1", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_2:*:*:*:*:*:*", matchCriteriaId: "BAB28476-5965-441D-AAEF-F76F7C599F3F", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2022.0:-:*:*:*:*:*:*", matchCriteriaId: "23B89172-71E0-482F-ABD9-E640EE18E1B4", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2022.0:hotfix_1:*:*:*:*:*:*", matchCriteriaId: "C7E432F3-925E-4120-9568-F679302A26B2", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2022.1:*:*:*:*:*:*:*", matchCriteriaId: "CA85576C-0D0E-4724-AC3F-0FCB9B4F7D2E", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:*", matchCriteriaId: "CE08EFFE-4D11-4CFD-A013-4ABEB5D8D36F", versionEndExcluding: "2019.6", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:*", matchCriteriaId: "72B1AA4E-8E9C-40C3-9402-92B64BE19D83", versionEndExcluding: "2020.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:*", matchCriteriaId: "400ADD0C-F69C-41DF-B682-5DE90B2BC142", versionEndExcluding: "2021.4", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:*", matchCriteriaId: "D53B7E4C-4F2E-428D-A6CB-D4F2FB5865B0", versionEndExcluding: "2022.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*", matchCriteriaId: "EA8C5795-C1E7-4E84-BAFD-A2F16DCD0B51", versionEndExcluding: "2019.7", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*", matchCriteriaId: "DC07E959-8A9E-448D-9E4F-EF7D41C4B1A7", versionEndExcluding: "2020.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*", matchCriteriaId: "DD6A1944-2576-406F-8010-9080C68654D5", versionEndExcluding: "2021.4", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*", matchCriteriaId: "7AAFCE8D-C6FA-4179-BBD8-134F91261FEC", versionEndExcluding: "2022.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*", matchCriteriaId: "34EEF338-800E-4350-BC57-815A4AC19523", versionEndExcluding: "2019.2.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*", matchCriteriaId: "655285C9-9DBC-4DA3-8A53-7D87A2CFFBF7", versionEndExcluding: "2020.2.6", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*", matchCriteriaId: "81E7B898-A0C4-4458-8389-3310A2A889AE", versionEndExcluding: "2021.1.5", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:revit:2022:*:*:*:*:*:*:*", matchCriteriaId: "70FD96A0-AC16-4E51-B4C1-6BB14C2D905A", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:storm_and_sanitary_analysis:*:*:*:*:*:*:*:*", matchCriteriaId: "A7FDF255-2066-4115-83BC-D38DD09A8E6A", versionEndExcluding: "2020.3.1", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:storm_and_sanitary_analysis:*:*:*:*:*:*:*:*", matchCriteriaId: "C2591CF9-EA06-4EEC-9A13-80CE6864C08A", versionEndExcluding: "2021.3.1", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:storm_and_sanitary_analysis:2019:*:*:*:*:*:*:*", matchCriteriaId: "9AC1FC52-ACBC-4119-B42E-0297375B4522", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:storm_and_sanitary_analysis:2022:*:*:*:*:*:*:*", matchCriteriaId: "AEAA2573-ABD3-4379-ADBE-A0508D2D38EF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component.", }, { lang: "es", value: "Una vulnerabilidad de corrupción de memoria puede conllevar a una ejecución de código mediante archivos DLL diseñados de forma maliciosa por medio del componente de procesamiento de imágenes de Autodesk", }, ], id: "CVE-2021-40163", lastModified: "2024-11-21T06:23:42.163", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-10-07T18:15:14.460", references: [ { source: "psirt@autodesk.com", tags: [ "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011", }, ], sourceIdentifier: "psirt@autodesk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-16 22:15
Modified
2025-02-10 21:15
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted PDF file, when parsed through Autodesk Revit, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@autodesk.com | https://autodesk.com/trust/security-advisories/adsk-sa-2024-0018 | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*", matchCriteriaId: "319E5439-3828-4177-9E5C-C0013238AF72", versionEndExcluding: "2024.2.2", versionStartIncluding: "2024", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*", matchCriteriaId: "2A72AC7E-0FF8-4365-8FAB-17E805ECDC2F", versionEndExcluding: "2025.3", versionStartIncluding: "2025", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A maliciously crafted PDF file, when parsed through Autodesk Revit, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.", }, { lang: "es", value: "Un archivo PDF manipulado con fines malintencionados, cuando se analiza a través de Autodesk Revit, puede forzar una escritura fuera de los límites. Un actor malintencionado puede aprovechar esta vulnerabilidad para provocar un bloqueo, escribir datos confidenciales o ejecutar código arbitrario en el contexto del proceso actual.", }, ], id: "CVE-2024-7993", lastModified: "2025-02-10T21:15:21.287", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "psirt@autodesk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-10-16T22:15:03.133", references: [ { source: "psirt@autodesk.com", tags: [ "Vendor Advisory", ], url: "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0018", }, ], sourceIdentifier: "psirt@autodesk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "psirt@autodesk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-06-21 15:15
Modified
2024-11-21 06:56
Severity ?
Summary
Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. This vulnerability may be exploited to execute arbitrary code.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:3ds_max:2021:*:*:*:*:*:*:*", matchCriteriaId: "88A89032-1BA1-4657-98F6-E2ECB19BB4E6", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:3ds_max:2022:*:*:*:*:*:*:*", matchCriteriaId: "887292AA-AC0F-4931-B55B-5FAAA127E3D0", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:advance_steel:2019:*:*:*:*:*:*:*", matchCriteriaId: "963B02A8-97DE-4C10-9AE1-3DA4FBC9AF9F", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:advance_steel:2020:*:*:*:*:*:*:*", matchCriteriaId: "8C4543D1-94E4-4470-91BF-6F3141FD9DAE", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:advance_steel:2021:*:*:*:*:*:*:*", matchCriteriaId: "AB44E46E-C1FF-4642-9F0D-FEE599F12508", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:advance_steel:2022:*:*:*:*:*:*:*", matchCriteriaId: "FABA4668-B759-4EF8-B4F7-DD824A5BD38B", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad:2019:*:*:*:*:*:*:*", matchCriteriaId: "411DC826-735A-4BEB-84BE-9250F97F612E", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad:2020:*:*:*:*:*:*:*", matchCriteriaId: "E30E2562-D38E-4764-874E-5B2FCF5639E5", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:*:*:*", matchCriteriaId: "88B2C295-D091-4C1D-8285-4309967707BC", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:*:*:*", matchCriteriaId: "EACE09F2-A323-4E4B-9A35-4EBAE3864E6C", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:macos:*:*", matchCriteriaId: "68FC54D1-B4FC-404E-9742-72F8340FE3C7", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_architecture:2019:*:*:*:*:*:*:*", matchCriteriaId: "9275E76C-2A79-462A-A9D3-D0B6BBCDD0CC", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_architecture:2020:*:*:*:*:*:*:*", matchCriteriaId: "B7DFA12E-48C5-47B9-BD9F-1AFACBF4E1EA", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_architecture:2021:*:*:*:*:*:*:*", matchCriteriaId: "535A5D39-1C82-4301-9E5B-C9E0D75F38B9", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_architecture:2022:*:*:*:*:*:*:*", matchCriteriaId: "316615EC-BC9F-4B6A-8163-EBECC480EFDE", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_civil_3d:2019:*:*:*:*:*:*:*", matchCriteriaId: "AB3A878B-2142-404F-BCF4-BB508674C6C4", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_civil_3d:2020:*:*:*:*:*:*:*", matchCriteriaId: "64F2EC88-168D-4DD1-9ADA-3F9FA60D6E35", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_civil_3d:2021:*:*:*:*:*:*:*", matchCriteriaId: "5D73C803-7567-4C1D-B62A-C3C52369022D", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_civil_3d:2022:*:*:*:*:*:*:*", matchCriteriaId: "C5F77B03-3221-4564-B4FF-7BF7EEC1C5B6", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_electrical:2019:*:*:*:*:*:*:*", matchCriteriaId: "A10DE5AF-1718-4899-9238-CFFDC72D05B7", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_electrical:2020:*:*:*:*:*:*:*", matchCriteriaId: "E388264D-D2D4-4BE4-9097-8F547D73ABE5", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_electrical:2021:*:*:*:*:*:*:*", matchCriteriaId: "16611BAA-C200-4C8B-823F-1AB95F5E1317", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_electrical:2022:*:*:*:*:*:*:*", matchCriteriaId: "E2DC5114-48D2-4D85-8E80-B4BCB0FD78F5", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:2019:*:*:*:*:*:*:*", matchCriteriaId: "03682B7E-1CF1-4456-A51F-A6ADFC177935", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:2020:*:*:*:*:*:*:*", matchCriteriaId: "371C5F60-4959-40C7-93E1-A01510A95115", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:2021:*:*:*:*:*:*:*", matchCriteriaId: "D83FB4C7-B374-4907-8E2B-EEE61C8339E7", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:2022:*:*:*:*:*:*:*", matchCriteriaId: "601676EC-2EB4-45D0-B1AE-0980CBD68770", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:2022:*:*:*:*:macos:*:*", matchCriteriaId: "4A2EF334-E4E2-40DA-BD51-B74EE1E0ACCF", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_map_3d:2019:*:*:*:*:*:*:*", matchCriteriaId: "04E05510-B21B-4DDD-88D7-CEB8963E1AFB", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_map_3d:2020:*:*:*:*:*:*:*", matchCriteriaId: "D4CD010A-FDBC-40F9-95AC-0CD8388B85D1", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_map_3d:2021:*:*:*:*:*:*:*", matchCriteriaId: "FC99E0F3-AA11-4390-A7C0-5BBFCDA94E3F", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_map_3d:2022:*:*:*:*:*:*:*", matchCriteriaId: "33AA60CF-611C-45FC-92F8-7517D87B1645", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:2019:*:*:*:*:*:*:*", matchCriteriaId: "19255CEC-6161-4D44-B87E-52E86DF4FBA7", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:2020:*:*:*:*:*:*:*", matchCriteriaId: "7147F378-DFB0-48A8-8B05-8777E1CC7F90", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:2021:*:*:*:*:*:*:*", matchCriteriaId: "3B5C858C-4A01-4916-BE3E-B9056D67CF5F", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:2022:*:*:*:*:*:*:*", matchCriteriaId: "7EB83A4A-D4C2-4509-BD49-15B9BBC7BF97", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mep:2019:*:*:*:*:*:*:*", matchCriteriaId: "3F608B1C-BA96-4EA8-A540-83870262CBC1", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mep:2020:*:*:*:*:*:*:*", matchCriteriaId: "7CFAAD19-6248-42CB-B177-EC2E5141A953", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mep:2021:*:*:*:*:*:*:*", matchCriteriaId: "1C52D90B-578B-4281-BF0E-B7CDA425ED05", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mep:2022:*:*:*:*:*:*:*", matchCriteriaId: "4C8AD4F3-AA82-49F5-A18A-85127FDB8B95", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_plant_3d:2019:*:*:*:*:*:*:*", matchCriteriaId: "4E536B0D-4C95-4589-981A-2F8A6C4B44DC", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_plant_3d:2020:*:*:*:*:*:*:*", matchCriteriaId: "3FBDD3AC-FA00-462F-AA13-5A75B5D50689", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_plant_3d:2021:*:*:*:*:*:*:*", matchCriteriaId: "73E2E9E8-2269-4729-8D8F-3C26974F5FD2", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_plant_3d:2022:*:*:*:*:*:*:*", matchCriteriaId: "452A1A75-C59A-43AB-9C43-BA49EB95C39C", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:design_review:2018:-:*:*:*:*:*:*", matchCriteriaId: "213232B9-A40B-436D-A66A-B65C49D59BE6", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:navisworks:2019:*:*:*:*:*:*:*", matchCriteriaId: "F8EB8353-CA0F-4B38-9427-56C845696A7D", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:navisworks:2020:*:*:*:*:*:*:*", matchCriteriaId: "3B3A9D11-51D7-4384-A6CF-B1AE46625E66", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:navisworks:2022:*:*:*:*:*:*:*", matchCriteriaId: "8694D891-A923-4B62-A508-77E6EBC54646", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:revit:2020:*:*:*:*:*:*:*", matchCriteriaId: "8A183FC7-49B7-4475-A580-E87B68690997", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:revit:2021:*:*:*:*:*:*:*", matchCriteriaId: "E9CFAE69-D0D3-4850-8752-DD2DC3FF51CA", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:revit:2022:*:*:*:*:*:*:*", matchCriteriaId: "70FD96A0-AC16-4E51-B4C1-6BB14C2D905A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. This vulnerability may be exploited to execute arbitrary code.", }, { lang: "es", value: "Las versiones del paquete de productos AutoCAD, Revit, Design Review y Navisworks que usan PDFTron versiones anteriores a 9.1.17, pueden escribir más allá del búfer asignado mientras analizan los archivos PDF. Esta vulnerabilidad puede ser explotada para ejecutar código arbitrario", }, ], id: "CVE-2022-27871", lastModified: "2024-11-21T06:56:22.103", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-06-21T15:15:08.863", references: [ { source: "psirt@autodesk.com", tags: [ "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0011", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0011", }, ], sourceIdentifier: "psirt@autodesk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-770", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-27 23:15
Modified
2024-11-21 07:48
Severity ?
Summary
A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:3ds_max:2022:*:*:*:*:*:*:*", matchCriteriaId: "887292AA-AC0F-4931-B55B-5FAAA127E3D0", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:3ds_max:2023:*:*:*:*:*:*:*", matchCriteriaId: "6731E5DD-43A2-4A62-8191-FE82096C68F5", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:navisworks:2022:*:*:*:*:*:*:*", matchCriteriaId: "8694D891-A923-4B62-A508-77E6EBC54646", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:navisworks:2023:*:*:*:*:*:*:*", matchCriteriaId: "8BC216B0-0CBC-4652-BCBB-E5A1EBE24F72", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:revit:2022:*:*:*:*:*:*:*", matchCriteriaId: "70FD96A0-AC16-4E51-B4C1-6BB14C2D905A", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:revit:2023:*:*:*:*:*:*:*", matchCriteriaId: "2F75A973-839F-4BD0-8603-07AEF3F12476", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:vred:2023:*:*:*:*:*:*:*", matchCriteriaId: "408CDE75-A916-4C12-9FA2-FBFAB65CB0FF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.", }, ], id: "CVE-2023-25002", lastModified: "2024-11-21T07:48:54.660", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-06-27T23:15:09.590", references: [ { source: "psirt@autodesk.com", tags: [ "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0002", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0002", }, ], sourceIdentifier: "psirt@autodesk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-10-07 18:15
Modified
2024-11-21 06:23
Severity ?
Summary
A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", matchCriteriaId: "B0E84020-F179-4AF3-BF9C-6D27259B2847", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", matchCriteriaId: "87941CE7-7F89-4A09-BBE8-A0D829273A63", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", matchCriteriaId: "6F98B75B-1471-42A7-BCDA-95F7E65B7FD1", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", matchCriteriaId: "2C5F50DF-4792-4A29-BB21-5821CA5E3A22", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", matchCriteriaId: "183990CB-4AA2-4EEE-8A14-8BF3AD203347", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", matchCriteriaId: "4A416E4B-0910-45FB-B468-A6D159C6FD11", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", matchCriteriaId: "7A873E71-BC29-43BC-AFB2-98C06AE29F3B", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", matchCriteriaId: "ED3A19CA-3D6A-42D6-86C5-6B4E494064FF", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", matchCriteriaId: "C9338B09-BCD8-4E67-A331-1B8D5FB5DA24", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", matchCriteriaId: "F616B84F-B471-43B9-BC5D-BA6CCE461F56", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", matchCriteriaId: "AD0B37E9-4987-4B96-9B31-6168961E1496", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", matchCriteriaId: "E9466EE6-83C9-492F-8486-F3E6C1DD9F5A", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "20371433-EA59-442E-947A-CF0A6AFD750C", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "AF176D9D-1FAE-42DA-B03C-5A3E66408D52", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "FD0CB6CF-53F6-4FED-8BE5-F3E31832237F", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "145CD700-BC3E-4F2B-82ED-FA51A0296C67", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", matchCriteriaId: "86CF88E0-A49D-4528-8135-6BE5C9E5DD7C", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", matchCriteriaId: "E716111F-273B-48DF-ADEA-44BADE5E7FEB", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", matchCriteriaId: "71FA0271-BE55-48AD-B88D-34645684E9DE", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", matchCriteriaId: "6DD91E39-A3D8-4806-A778-608FD6C29BB2", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", matchCriteriaId: "77A1562A-07B8-4130-B319-1BE2800D8771", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", matchCriteriaId: "0E59ACB5-8745-46A8-889E-005DEA38925B", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:*", matchCriteriaId: "8FB94403-A063-4BDB-BE35-E198BF128709", versionEndExcluding: "2020.3.2", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", matchCriteriaId: "CFFE146F-4AB2-45B2-9F87-52DD8DC26B85", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:*", matchCriteriaId: "06B6CA6F-48E9-4A48-B1A2-7537DCE9939E", versionEndExcluding: "2021.2.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", matchCriteriaId: "D01E3771-86FD-483D-BCCB-1B1CDD4C482F", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:*", matchCriteriaId: "EEC464C9-D741-41B4-B460-B4305BCD83FA", versionEndExcluding: "2022.2.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "230F8974-9613-4B58-8621-67CCE81E208C", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "D9184783-2476-4ED0-9F05-CA2AC68446B3", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "752B8F1C-54E3-4985-97A4-86FBF13E6BFD", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "120326C3-E212-4341-A25D-BC3DD50CF228", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", matchCriteriaId: "AF0FCE36-8A0F-4CDB-86B3-D8F7875511FD", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", matchCriteriaId: "5BAA6D71-2B11-4490-A1C4-652347582EF6", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", matchCriteriaId: "6F78C528-605C-46F3-8CF0-828B682745B3", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", matchCriteriaId: "B117299A-C5FE-419F-9C1C-DF58A2772055", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", matchCriteriaId: "1075AC6C-C9E1-45EA-B371-B06235C6AA86", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", matchCriteriaId: "CBC04C9D-9E69-4CB7-BF7A-D3B8C0670114", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", matchCriteriaId: "8E140DC9-7000-48ED-A5C7-B23023DFB199", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", matchCriteriaId: "CC178212-E440-46E9-9F00-60A5516D4D72", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "C71A1AD7-4651-4FA9-9114-023E07DCB285", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "C2A2E5FC-9717-47C1-A223-F90DC572DAB0", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "984491F0-8303-4C6C-B884-00C032D797DD", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "7ED0DB1D-6F37-4C1B-B55E-42F3A4E34299", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:design_review:2018:-:*:*:*:*:*:*", matchCriteriaId: "213232B9-A40B-436D-A66A-B65C49D59BE6", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:design_review:2018:hotfix:*:*:*:*:*:*", matchCriteriaId: "2D0CF4DC-ACA5-41D0-B28E-CEB5D2C96F71", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:design_review:2018:hotfix2:*:*:*:*:*:*", matchCriteriaId: "84ED1789-A17F-48F7-A152-09D2A5C59254", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:design_review:2018:hotfix3:*:*:*:*:*:*", matchCriteriaId: "74819924-EB63-4BBF-9986-FEF6100EEE15", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:*", matchCriteriaId: "3FB6CD03-F783-49F7-A9D2-C97C642E8B29", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:*", matchCriteriaId: "7E9DF065-576B-46B8-9F64-A16D9CB25398", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:*", matchCriteriaId: "631D559D-B4CB-4D6A-93A7-94C0CA9C232B", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:*", matchCriteriaId: "713BBAEC-BE6D-40BC-9FB3-EBB906FB09BA", versionEndExcluding: "2022.1.1", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:fusion:*:*:*:*:*:*:*:*", matchCriteriaId: "2E6ACCB8-A327-484D-A542-9BC30BA4554A", versionEndExcluding: "2.0.11405", versionStartIncluding: "2.0.10356", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infrastructure_parts_editor:*:*:*:*:*:*:*:*", matchCriteriaId: "8F3054F1-0ED3-4C71-90E0-764EC5757F6B", versionEndExcluding: "2019.2.2", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infrastructure_parts_editor:*:*:*:*:*:*:*:*", matchCriteriaId: "27BA9C22-0044-429D-AD68-C040DF0E1E34", versionEndExcluding: "2020.0.2", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infrastructure_parts_editor:2021:*:*:*:*:*:*:*", matchCriteriaId: "C59A098D-F778-49BB-8B02-61DFA956D456", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infrastructure_parts_editor:2022:*:*:*:*:*:*:*", matchCriteriaId: "829ACB24-271D-440F-8723-FDAE2430373E", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:*:*:*:*:*:*:*:*", matchCriteriaId: "36D46284-4E2E-4C56-B830-3C786D5A238F", versionEndExcluding: "2019.3", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:*:*:*:*:*:*:*:*", matchCriteriaId: "180513CE-CEC1-4FF7-B1CB-03835D6B8797", versionEndExcluding: "2020.2", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:*:*:*:*:*:*:*:*", matchCriteriaId: "FE68AFE1-0F44-4B37-87E5-C7D658186425", versionEndExcluding: "2021.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2019.3:-:*:*:*:*:*:*", matchCriteriaId: "6974FEA3-2CDE-438D-A153-372A20E0338A", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2019.3:hotfix_1:*:*:*:*:*:*", matchCriteriaId: "3D85361A-B19D-444A-A075-73DF234C081B", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2019.3:hotfix_2:*:*:*:*:*:*", matchCriteriaId: "8F7898E8-E540-4775-943C-26A4A7A7BA60", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2019.3:hotfix_3:*:*:*:*:*:*", matchCriteriaId: "5C6290F4-E5E6-4146-982E-9CB0FC693B5C", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2020.2:-:*:*:*:*:*:*", matchCriteriaId: "9A3FB713-593D-4CF4-97EE-10498DF3B008", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2020.2:hotfix_1:*:*:*:*:*:*", matchCriteriaId: "1AF37BF8-1921-4D94-89D3-7890F2DA7048", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2020.2:hotfix_2:*:*:*:*:*:*", matchCriteriaId: "7A1EAD58-4213-4340-9019-543A223C155D", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2021.2:-:*:*:*:*:*:*", matchCriteriaId: "E8799159-8E69-4463-96D9-920E64A675B4", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_1:*:*:*:*:*:*", matchCriteriaId: "DDAE8B1C-5799-4FCB-AA1F-E01C72C545B1", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_2:*:*:*:*:*:*", matchCriteriaId: "BAB28476-5965-441D-AAEF-F76F7C599F3F", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2022.0:-:*:*:*:*:*:*", matchCriteriaId: "23B89172-71E0-482F-ABD9-E640EE18E1B4", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2022.0:hotfix_1:*:*:*:*:*:*", matchCriteriaId: "C7E432F3-925E-4120-9568-F679302A26B2", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2022.1:*:*:*:*:*:*:*", matchCriteriaId: "CA85576C-0D0E-4724-AC3F-0FCB9B4F7D2E", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:*", matchCriteriaId: "CE08EFFE-4D11-4CFD-A013-4ABEB5D8D36F", versionEndExcluding: "2019.6", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:*", matchCriteriaId: "72B1AA4E-8E9C-40C3-9402-92B64BE19D83", versionEndExcluding: "2020.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:*", matchCriteriaId: "400ADD0C-F69C-41DF-B682-5DE90B2BC142", versionEndExcluding: "2021.4", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:*", matchCriteriaId: "D53B7E4C-4F2E-428D-A6CB-D4F2FB5865B0", versionEndExcluding: "2022.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*", matchCriteriaId: "EA8C5795-C1E7-4E84-BAFD-A2F16DCD0B51", versionEndExcluding: "2019.7", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*", matchCriteriaId: "DC07E959-8A9E-448D-9E4F-EF7D41C4B1A7", versionEndExcluding: "2020.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*", matchCriteriaId: "DD6A1944-2576-406F-8010-9080C68654D5", versionEndExcluding: "2021.4", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*", matchCriteriaId: "7AAFCE8D-C6FA-4179-BBD8-134F91261FEC", versionEndExcluding: "2022.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*", matchCriteriaId: "34EEF338-800E-4350-BC57-815A4AC19523", versionEndExcluding: "2019.2.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*", matchCriteriaId: "655285C9-9DBC-4DA3-8A53-7D87A2CFFBF7", versionEndExcluding: "2020.2.6", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*", matchCriteriaId: "81E7B898-A0C4-4458-8389-3310A2A889AE", versionEndExcluding: "2021.1.5", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:revit:2022:*:*:*:*:*:*:*", matchCriteriaId: "70FD96A0-AC16-4E51-B4C1-6BB14C2D905A", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:storm_and_sanitary_analysis:*:*:*:*:*:*:*:*", matchCriteriaId: "A7FDF255-2066-4115-83BC-D38DD09A8E6A", versionEndExcluding: "2020.3.1", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:storm_and_sanitary_analysis:*:*:*:*:*:*:*:*", matchCriteriaId: "C2591CF9-EA06-4EEC-9A13-80CE6864C08A", versionEndExcluding: "2021.3.1", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:storm_and_sanitary_analysis:2019:*:*:*:*:*:*:*", matchCriteriaId: "9AC1FC52-ACBC-4119-B42E-0297375B4522", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:storm_and_sanitary_analysis:2022:*:*:*:*:*:*:*", matchCriteriaId: "AEAA2573-ABD3-4379-ADBE-A0508D2D38EF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.", }, { lang: "es", value: "Podría producirse un desbordamiento del búfer en la región heap de la memoria pila mientras son analizados archivos TIFF, PICT, TGA o RLC. Esta vulnerabilidad puede ser explotada para ejecutar código arbitrario", }, ], id: "CVE-2021-40164", lastModified: "2024-11-21T06:23:42.310", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-10-07T18:15:14.560", references: [ { source: "psirt@autodesk.com", tags: [ "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011", }, ], sourceIdentifier: "psirt@autodesk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-10-07 18:15
Modified
2024-11-21 06:23
Severity ?
Summary
A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", matchCriteriaId: "B0E84020-F179-4AF3-BF9C-6D27259B2847", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", matchCriteriaId: "87941CE7-7F89-4A09-BBE8-A0D829273A63", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", matchCriteriaId: "6F98B75B-1471-42A7-BCDA-95F7E65B7FD1", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", matchCriteriaId: "2C5F50DF-4792-4A29-BB21-5821CA5E3A22", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", matchCriteriaId: "183990CB-4AA2-4EEE-8A14-8BF3AD203347", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", matchCriteriaId: "4A416E4B-0910-45FB-B468-A6D159C6FD11", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", matchCriteriaId: "7A873E71-BC29-43BC-AFB2-98C06AE29F3B", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", matchCriteriaId: "ED3A19CA-3D6A-42D6-86C5-6B4E494064FF", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", matchCriteriaId: "C9338B09-BCD8-4E67-A331-1B8D5FB5DA24", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", matchCriteriaId: "F616B84F-B471-43B9-BC5D-BA6CCE461F56", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", matchCriteriaId: "AD0B37E9-4987-4B96-9B31-6168961E1496", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", matchCriteriaId: "E9466EE6-83C9-492F-8486-F3E6C1DD9F5A", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "20371433-EA59-442E-947A-CF0A6AFD750C", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "AF176D9D-1FAE-42DA-B03C-5A3E66408D52", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "FD0CB6CF-53F6-4FED-8BE5-F3E31832237F", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "145CD700-BC3E-4F2B-82ED-FA51A0296C67", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", matchCriteriaId: "86CF88E0-A49D-4528-8135-6BE5C9E5DD7C", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", matchCriteriaId: "E716111F-273B-48DF-ADEA-44BADE5E7FEB", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", matchCriteriaId: "71FA0271-BE55-48AD-B88D-34645684E9DE", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", matchCriteriaId: "6DD91E39-A3D8-4806-A778-608FD6C29BB2", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", matchCriteriaId: "77A1562A-07B8-4130-B319-1BE2800D8771", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", matchCriteriaId: "0E59ACB5-8745-46A8-889E-005DEA38925B", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:*", matchCriteriaId: "8FB94403-A063-4BDB-BE35-E198BF128709", versionEndExcluding: "2020.3.2", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", matchCriteriaId: "CFFE146F-4AB2-45B2-9F87-52DD8DC26B85", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:*", matchCriteriaId: "06B6CA6F-48E9-4A48-B1A2-7537DCE9939E", versionEndExcluding: "2021.2.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", matchCriteriaId: "D01E3771-86FD-483D-BCCB-1B1CDD4C482F", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:*", matchCriteriaId: "EEC464C9-D741-41B4-B460-B4305BCD83FA", versionEndExcluding: "2022.2.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "230F8974-9613-4B58-8621-67CCE81E208C", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "D9184783-2476-4ED0-9F05-CA2AC68446B3", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "752B8F1C-54E3-4985-97A4-86FBF13E6BFD", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "120326C3-E212-4341-A25D-BC3DD50CF228", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", matchCriteriaId: "AF0FCE36-8A0F-4CDB-86B3-D8F7875511FD", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", matchCriteriaId: "5BAA6D71-2B11-4490-A1C4-652347582EF6", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", matchCriteriaId: "6F78C528-605C-46F3-8CF0-828B682745B3", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", matchCriteriaId: "B117299A-C5FE-419F-9C1C-DF58A2772055", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", matchCriteriaId: "1075AC6C-C9E1-45EA-B371-B06235C6AA86", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", matchCriteriaId: "CBC04C9D-9E69-4CB7-BF7A-D3B8C0670114", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", matchCriteriaId: "8E140DC9-7000-48ED-A5C7-B23023DFB199", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", matchCriteriaId: "CC178212-E440-46E9-9F00-60A5516D4D72", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "C71A1AD7-4651-4FA9-9114-023E07DCB285", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "C2A2E5FC-9717-47C1-A223-F90DC572DAB0", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "984491F0-8303-4C6C-B884-00C032D797DD", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "7ED0DB1D-6F37-4C1B-B55E-42F3A4E34299", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:design_review:2018:-:*:*:*:*:*:*", matchCriteriaId: "213232B9-A40B-436D-A66A-B65C49D59BE6", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:design_review:2018:hotfix:*:*:*:*:*:*", matchCriteriaId: "2D0CF4DC-ACA5-41D0-B28E-CEB5D2C96F71", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:design_review:2018:hotfix2:*:*:*:*:*:*", matchCriteriaId: "84ED1789-A17F-48F7-A152-09D2A5C59254", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:design_review:2018:hotfix3:*:*:*:*:*:*", matchCriteriaId: "74819924-EB63-4BBF-9986-FEF6100EEE15", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:*", matchCriteriaId: "3FB6CD03-F783-49F7-A9D2-C97C642E8B29", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:*", matchCriteriaId: "7E9DF065-576B-46B8-9F64-A16D9CB25398", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:*", matchCriteriaId: "631D559D-B4CB-4D6A-93A7-94C0CA9C232B", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:*", matchCriteriaId: "713BBAEC-BE6D-40BC-9FB3-EBB906FB09BA", versionEndExcluding: "2022.1.1", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:fusion:*:*:*:*:*:*:*:*", matchCriteriaId: "2E6ACCB8-A327-484D-A542-9BC30BA4554A", versionEndExcluding: "2.0.11405", versionStartIncluding: "2.0.10356", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infrastructure_parts_editor:*:*:*:*:*:*:*:*", matchCriteriaId: "8F3054F1-0ED3-4C71-90E0-764EC5757F6B", versionEndExcluding: "2019.2.2", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infrastructure_parts_editor:*:*:*:*:*:*:*:*", matchCriteriaId: "27BA9C22-0044-429D-AD68-C040DF0E1E34", versionEndExcluding: "2020.0.2", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infrastructure_parts_editor:2021:*:*:*:*:*:*:*", matchCriteriaId: "C59A098D-F778-49BB-8B02-61DFA956D456", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infrastructure_parts_editor:2022:*:*:*:*:*:*:*", matchCriteriaId: "829ACB24-271D-440F-8723-FDAE2430373E", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:*:*:*:*:*:*:*:*", matchCriteriaId: "36D46284-4E2E-4C56-B830-3C786D5A238F", versionEndExcluding: "2019.3", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:*:*:*:*:*:*:*:*", matchCriteriaId: "180513CE-CEC1-4FF7-B1CB-03835D6B8797", versionEndExcluding: "2020.2", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:*:*:*:*:*:*:*:*", matchCriteriaId: "FE68AFE1-0F44-4B37-87E5-C7D658186425", versionEndExcluding: "2021.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2019.3:-:*:*:*:*:*:*", matchCriteriaId: "6974FEA3-2CDE-438D-A153-372A20E0338A", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2019.3:hotfix_1:*:*:*:*:*:*", matchCriteriaId: "3D85361A-B19D-444A-A075-73DF234C081B", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2019.3:hotfix_2:*:*:*:*:*:*", matchCriteriaId: "8F7898E8-E540-4775-943C-26A4A7A7BA60", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2019.3:hotfix_3:*:*:*:*:*:*", matchCriteriaId: "5C6290F4-E5E6-4146-982E-9CB0FC693B5C", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2020.2:-:*:*:*:*:*:*", matchCriteriaId: "9A3FB713-593D-4CF4-97EE-10498DF3B008", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2020.2:hotfix_1:*:*:*:*:*:*", matchCriteriaId: "1AF37BF8-1921-4D94-89D3-7890F2DA7048", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2020.2:hotfix_2:*:*:*:*:*:*", matchCriteriaId: "7A1EAD58-4213-4340-9019-543A223C155D", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2021.2:-:*:*:*:*:*:*", matchCriteriaId: "E8799159-8E69-4463-96D9-920E64A675B4", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_1:*:*:*:*:*:*", matchCriteriaId: "DDAE8B1C-5799-4FCB-AA1F-E01C72C545B1", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_2:*:*:*:*:*:*", matchCriteriaId: "BAB28476-5965-441D-AAEF-F76F7C599F3F", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2022.0:-:*:*:*:*:*:*", matchCriteriaId: "23B89172-71E0-482F-ABD9-E640EE18E1B4", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2022.0:hotfix_1:*:*:*:*:*:*", matchCriteriaId: "C7E432F3-925E-4120-9568-F679302A26B2", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2022.1:*:*:*:*:*:*:*", matchCriteriaId: "CA85576C-0D0E-4724-AC3F-0FCB9B4F7D2E", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:*", matchCriteriaId: "CE08EFFE-4D11-4CFD-A013-4ABEB5D8D36F", versionEndExcluding: "2019.6", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:*", matchCriteriaId: "72B1AA4E-8E9C-40C3-9402-92B64BE19D83", versionEndExcluding: "2020.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:*", matchCriteriaId: "400ADD0C-F69C-41DF-B682-5DE90B2BC142", versionEndExcluding: "2021.4", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:*", matchCriteriaId: "D53B7E4C-4F2E-428D-A6CB-D4F2FB5865B0", versionEndExcluding: "2022.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*", matchCriteriaId: "EA8C5795-C1E7-4E84-BAFD-A2F16DCD0B51", versionEndExcluding: "2019.7", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*", matchCriteriaId: "DC07E959-8A9E-448D-9E4F-EF7D41C4B1A7", versionEndExcluding: "2020.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*", matchCriteriaId: "DD6A1944-2576-406F-8010-9080C68654D5", versionEndExcluding: "2021.4", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*", matchCriteriaId: "7AAFCE8D-C6FA-4179-BBD8-134F91261FEC", versionEndExcluding: "2022.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*", matchCriteriaId: "34EEF338-800E-4350-BC57-815A4AC19523", versionEndExcluding: "2019.2.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*", matchCriteriaId: "655285C9-9DBC-4DA3-8A53-7D87A2CFFBF7", versionEndExcluding: "2020.2.6", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*", matchCriteriaId: "81E7B898-A0C4-4458-8389-3310A2A889AE", versionEndExcluding: "2021.1.5", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:revit:2022:*:*:*:*:*:*:*", matchCriteriaId: "70FD96A0-AC16-4E51-B4C1-6BB14C2D905A", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:storm_and_sanitary_analysis:*:*:*:*:*:*:*:*", matchCriteriaId: "A7FDF255-2066-4115-83BC-D38DD09A8E6A", versionEndExcluding: "2020.3.1", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:storm_and_sanitary_analysis:*:*:*:*:*:*:*:*", matchCriteriaId: "C2591CF9-EA06-4EEC-9A13-80CE6864C08A", versionEndExcluding: "2021.3.1", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:storm_and_sanitary_analysis:2019:*:*:*:*:*:*:*", matchCriteriaId: "9AC1FC52-ACBC-4119-B42E-0297375B4522", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:storm_and_sanitary_analysis:2022:*:*:*:*:*:*:*", matchCriteriaId: "AEAA2573-ABD3-4379-ADBE-A0508D2D38EF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code.", }, { lang: "es", value: "Un archivo PNG diseñado de forma maliciosa en el componente de procesamiento de imágenes de Autodesk puede usarse para intentar liberar un objeto que ya ha sido liberado mientras es analizado. Esta vulnerabilidad puede ser explotada por atacantes para ejecutar código arbitrario", }, ], id: "CVE-2021-40166", lastModified: "2024-11-21T06:23:42.607", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-10-07T18:15:14.743", references: [ { source: "psirt@autodesk.com", tags: [ "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011", }, ], sourceIdentifier: "psirt@autodesk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Unspecified vulnerability in multiple Autodesk and AutoCAD products and product families from 2006 and earlier allows remote attackers to "gain inappropriate access to another local user's computer," aka ID DL5549329.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | 3ds_max | 7 | |
| autodesk | architectural_desktop | 2005 | |
| autodesk | architectural_desktop | 2006 | |
| autodesk | autocad | 2005 | |
| autodesk | autocad | 2006 | |
| autodesk | autocad_civil_3d | 2005 | |
| autodesk | autocad_civil_3d | 2006 | |
| autodesk | autocad_electrical | 2005 | |
| autodesk | autocad_electrical | 2006 | |
| autodesk | autocad_lt | 2005 | |
| autodesk | autocad_lt | 2006 | |
| autodesk | autocad_mechanical | 2005 | |
| autodesk | autocad_mechanical | 2006 | |
| autodesk | building_systems | 2005 | |
| autodesk | building_systems | 2006 | |
| autodesk | civil_design | 2005 | |
| autodesk | inventor | 9 | |
| autodesk | inventor | 10 | |
| autodesk | land_desktop | 2005 | |
| autodesk | land_desktop | 2006 | |
| autodesk | map_3d | 2005 | |
| autodesk | map_3d | 2006 | |
| autodesk | raster_design | 2005 | |
| autodesk | raster_design | 2006 | |
| autodesk | revit | 7 | |
| autodesk | revit | 8 | |
| autodesk | revit_structure | 6 | |
| autodesk | revit_structure | 8.1 | |
| autodesk | survey | 2005 | |
| autodesk | survey | 2006 | |
| autodesk | utility_design | 2005 | |
| autodesk | viz | 2006 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:3ds_max:7:*:*:*:*:*:*:*", matchCriteriaId: "21F34A76-B1BD-45C7-9EFE-221F5E35985F", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:architectural_desktop:2005:*:*:*:*:*:*:*", matchCriteriaId: "791C4C7D-4D59-47DF-830E-314AF749489C", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:architectural_desktop:2006:*:*:*:*:*:*:*", matchCriteriaId: "03924CB2-0553-499F-A073-9C969BCEE92C", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad:2005:*:*:*:*:*:*:*", matchCriteriaId: "0A1AE6F6-B9C4-412A-B917-9C5EC1DD0E69", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad:2006:*:*:*:*:*:*:*", matchCriteriaId: "AED452EF-ED18-4F7B-AE45-BE031AED42B0", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_civil_3d:2005:*:*:*:*:*:*:*", matchCriteriaId: "19748367-BE4B-49F4-A505-A9C4E7CBC339", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_civil_3d:2006:*:*:*:*:*:*:*", matchCriteriaId: "4BE81A33-FB05-4CE3-B871-2C108522872B", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_electrical:2005:*:*:*:*:*:*:*", matchCriteriaId: "F064E5F4-079C-4345-A16E-F5F7996EC5A3", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_electrical:2006:*:*:*:*:*:*:*", matchCriteriaId: "D002ED36-1612-43C5-9014-BF6360DB9D81", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:2005:*:*:*:*:*:*:*", matchCriteriaId: "EF060231-C0C6-4B2F-B387-05E8AB1BF0CC", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:2006:*:*:*:*:*:*:*", matchCriteriaId: "1312CE76-F9C6-4FED-ABC9-8C97FE69B071", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:2005:*:*:*:*:*:*:*", matchCriteriaId: "45C3F280-B5FA-4BA6-ADFA-195C9D0D4155", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:2006:*:*:*:*:*:*:*", matchCriteriaId: "B6A81BA6-CDEE-4BF4-B78B-C3FAA68D31EE", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:building_systems:2005:*:*:*:*:*:*:*", matchCriteriaId: "9B00278F-BB19-465F-A150-F14CBD665F08", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:building_systems:2006:*:*:*:*:*:*:*", matchCriteriaId: "EFD11268-AE49-4202-836E-322A35AF7B09", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:civil_design:2005:*:*:*:*:*:*:*", matchCriteriaId: "E4A78C5B-EA4F-41B6-99AE-50F1D0A95619", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:inventor:9:*:*:*:*:*:*:*", matchCriteriaId: "0F754AD7-CEB4-404B-9FEC-2E719DFC3042", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:inventor:10:*:professional:*:*:*:*:*", matchCriteriaId: "BC2BA958-9373-434E-BBBD-9954065AA790", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:land_desktop:2005:sp1:*:*:*:*:*:*", matchCriteriaId: "C40078F9-9DD0-40C0-A4DF-359AC401616F", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:land_desktop:2006:*:*:*:*:*:*:*", matchCriteriaId: "9F4C9960-DFA8-4599-A362-684AC3BE08D7", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:map_3d:2005:*:*:*:*:*:*:*", matchCriteriaId: "EB7B41DE-6DD2-4A58-9575-E12774D772E0", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:map_3d:2006:*:*:*:*:*:*:*", matchCriteriaId: "C245344A-E89B-42A6-9105-3784DC043F30", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:raster_design:2005:*:*:*:*:*:*:*", matchCriteriaId: "7781D592-DB95-439C-B559-945CF300A645", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:raster_design:2006:*:*:*:*:*:*:*", matchCriteriaId: "AAA56C0D-0317-4402-9275-06E27016E232", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:revit:7:*:*:*:*:*:*:*", matchCriteriaId: "FFF9AF1F-22F9-4920-BC9A-B6EAF43F54C6", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:revit:8:*:*:*:*:*:*:*", matchCriteriaId: "1EFE74F6-6BE6-4EE9-A713-495F4A193EA8", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:revit_structure:6:*:*:*:*:*:*:*", matchCriteriaId: "18A5DA3B-7BB8-4D5B-8FA2-09ACE64142D7", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:revit_structure:8.1:*:*:*:*:*:*:*", matchCriteriaId: "5FA395F4-BC6A-4AF1-A3A2-D6CC8C3B732F", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:survey:2005:*:*:*:*:*:*:*", matchCriteriaId: "A028F3F2-2FD8-4456-B5F7-A58C35C9EDEB", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:survey:2006:sp1:*:*:*:*:*:*", matchCriteriaId: "5EBBD36A-2188-447A-ADB8-3E7F0C1575CA", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:utility_design:2005:*:*:*:*:*:*:*", matchCriteriaId: "DAE1D0C9-AD53-41FF-835A-0353859F1FDD", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:viz:2006:*:*:*:*:*:*:*", matchCriteriaId: "4E24F53D-56AC-425A-B2B7-019206E211B7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Unspecified vulnerability in multiple Autodesk and AutoCAD products and product families from 2006 and earlier allows remote attackers to \"gain inappropriate access to another local user's computer,\" aka ID DL5549329.", }, ], id: "CVE-2005-4710", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: true, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-12-31T05:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/18682", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112&id=5549329&linkID=4183232", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/16472", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/24460", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/18682", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112&id=5549329&linkID=4183232", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/16472", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/24460", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-16 22:15
Modified
2024-10-21 18:35
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Stack-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@autodesk.com | https://autodesk.com/trust/security-advisories/adsk-sa-2024-0017 | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*", matchCriteriaId: "A5391738-3303-45EE-9530-0EE27781B541", versionEndExcluding: "2024.3", versionStartIncluding: "2024", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*", matchCriteriaId: "2A72AC7E-0FF8-4365-8FAB-17E805ECDC2F", versionEndExcluding: "2025.3", versionStartIncluding: "2025", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Stack-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.", }, { lang: "es", value: "Un archivo RFA manipulado con fines malintencionados, cuando se analiza a través de Autodesk Revit, puede provocar un desbordamiento de búfer basado en pila. Un actor malintencionado puede aprovechar esta vulnerabilidad para provocar un bloqueo, leer datos confidenciales o ejecutar código arbitrario en el contexto del proceso actual.", }, ], id: "CVE-2024-7994", lastModified: "2024-10-21T18:35:55.397", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "psirt@autodesk.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-10-16T22:15:03.353", references: [ { source: "psirt@autodesk.com", tags: [ "Vendor Advisory", ], url: "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0017", }, ], sourceIdentifier: "psirt@autodesk.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "psirt@autodesk.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-10-07 18:15
Modified
2024-11-21 06:23
Severity ?
Summary
A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", matchCriteriaId: "B0E84020-F179-4AF3-BF9C-6D27259B2847", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", matchCriteriaId: "87941CE7-7F89-4A09-BBE8-A0D829273A63", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", matchCriteriaId: "6F98B75B-1471-42A7-BCDA-95F7E65B7FD1", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", matchCriteriaId: "2C5F50DF-4792-4A29-BB21-5821CA5E3A22", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", matchCriteriaId: "183990CB-4AA2-4EEE-8A14-8BF3AD203347", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", matchCriteriaId: "4A416E4B-0910-45FB-B468-A6D159C6FD11", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", matchCriteriaId: "7A873E71-BC29-43BC-AFB2-98C06AE29F3B", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", matchCriteriaId: "ED3A19CA-3D6A-42D6-86C5-6B4E494064FF", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", matchCriteriaId: "C9338B09-BCD8-4E67-A331-1B8D5FB5DA24", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", matchCriteriaId: "F616B84F-B471-43B9-BC5D-BA6CCE461F56", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", matchCriteriaId: "AD0B37E9-4987-4B96-9B31-6168961E1496", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", matchCriteriaId: "E9466EE6-83C9-492F-8486-F3E6C1DD9F5A", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "20371433-EA59-442E-947A-CF0A6AFD750C", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "AF176D9D-1FAE-42DA-B03C-5A3E66408D52", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "FD0CB6CF-53F6-4FED-8BE5-F3E31832237F", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "145CD700-BC3E-4F2B-82ED-FA51A0296C67", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", matchCriteriaId: "86CF88E0-A49D-4528-8135-6BE5C9E5DD7C", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", matchCriteriaId: "E716111F-273B-48DF-ADEA-44BADE5E7FEB", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", matchCriteriaId: "71FA0271-BE55-48AD-B88D-34645684E9DE", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", matchCriteriaId: "6DD91E39-A3D8-4806-A778-608FD6C29BB2", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", matchCriteriaId: "77A1562A-07B8-4130-B319-1BE2800D8771", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", matchCriteriaId: "0E59ACB5-8745-46A8-889E-005DEA38925B", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:*", matchCriteriaId: "8FB94403-A063-4BDB-BE35-E198BF128709", versionEndExcluding: "2020.3.2", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", matchCriteriaId: "CFFE146F-4AB2-45B2-9F87-52DD8DC26B85", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:*", matchCriteriaId: "06B6CA6F-48E9-4A48-B1A2-7537DCE9939E", versionEndExcluding: "2021.2.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", matchCriteriaId: "D01E3771-86FD-483D-BCCB-1B1CDD4C482F", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:*", matchCriteriaId: "EEC464C9-D741-41B4-B460-B4305BCD83FA", versionEndExcluding: "2022.2.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "230F8974-9613-4B58-8621-67CCE81E208C", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "D9184783-2476-4ED0-9F05-CA2AC68446B3", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "752B8F1C-54E3-4985-97A4-86FBF13E6BFD", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "120326C3-E212-4341-A25D-BC3DD50CF228", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", matchCriteriaId: "AF0FCE36-8A0F-4CDB-86B3-D8F7875511FD", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", matchCriteriaId: "5BAA6D71-2B11-4490-A1C4-652347582EF6", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", matchCriteriaId: "6F78C528-605C-46F3-8CF0-828B682745B3", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", matchCriteriaId: "B117299A-C5FE-419F-9C1C-DF58A2772055", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", matchCriteriaId: "1075AC6C-C9E1-45EA-B371-B06235C6AA86", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", matchCriteriaId: "CBC04C9D-9E69-4CB7-BF7A-D3B8C0670114", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", matchCriteriaId: "8E140DC9-7000-48ED-A5C7-B23023DFB199", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", matchCriteriaId: "CC178212-E440-46E9-9F00-60A5516D4D72", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "C71A1AD7-4651-4FA9-9114-023E07DCB285", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "C2A2E5FC-9717-47C1-A223-F90DC572DAB0", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "984491F0-8303-4C6C-B884-00C032D797DD", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "7ED0DB1D-6F37-4C1B-B55E-42F3A4E34299", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:design_review:2018:-:*:*:*:*:*:*", matchCriteriaId: "213232B9-A40B-436D-A66A-B65C49D59BE6", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:design_review:2018:hotfix:*:*:*:*:*:*", matchCriteriaId: "2D0CF4DC-ACA5-41D0-B28E-CEB5D2C96F71", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:design_review:2018:hotfix2:*:*:*:*:*:*", matchCriteriaId: "84ED1789-A17F-48F7-A152-09D2A5C59254", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:design_review:2018:hotfix3:*:*:*:*:*:*", matchCriteriaId: "74819924-EB63-4BBF-9986-FEF6100EEE15", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:*", matchCriteriaId: "3FB6CD03-F783-49F7-A9D2-C97C642E8B29", versionEndExcluding: "2019.1.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:*", matchCriteriaId: "7E9DF065-576B-46B8-9F64-A16D9CB25398", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:*", matchCriteriaId: "631D559D-B4CB-4D6A-93A7-94C0CA9C232B", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:*", matchCriteriaId: "713BBAEC-BE6D-40BC-9FB3-EBB906FB09BA", versionEndExcluding: "2022.1.1", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:fusion:*:*:*:*:*:*:*:*", matchCriteriaId: "2E6ACCB8-A327-484D-A542-9BC30BA4554A", versionEndExcluding: "2.0.11405", versionStartIncluding: "2.0.10356", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infrastructure_parts_editor:*:*:*:*:*:*:*:*", matchCriteriaId: "8F3054F1-0ED3-4C71-90E0-764EC5757F6B", versionEndExcluding: "2019.2.2", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infrastructure_parts_editor:*:*:*:*:*:*:*:*", matchCriteriaId: "27BA9C22-0044-429D-AD68-C040DF0E1E34", versionEndExcluding: "2020.0.2", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infrastructure_parts_editor:2021:*:*:*:*:*:*:*", matchCriteriaId: "C59A098D-F778-49BB-8B02-61DFA956D456", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infrastructure_parts_editor:2022:*:*:*:*:*:*:*", matchCriteriaId: "829ACB24-271D-440F-8723-FDAE2430373E", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:*:*:*:*:*:*:*:*", matchCriteriaId: "36D46284-4E2E-4C56-B830-3C786D5A238F", versionEndExcluding: "2019.3", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:*:*:*:*:*:*:*:*", matchCriteriaId: "180513CE-CEC1-4FF7-B1CB-03835D6B8797", versionEndExcluding: "2020.2", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:*:*:*:*:*:*:*:*", matchCriteriaId: "FE68AFE1-0F44-4B37-87E5-C7D658186425", versionEndExcluding: "2021.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2019.3:-:*:*:*:*:*:*", matchCriteriaId: "6974FEA3-2CDE-438D-A153-372A20E0338A", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2019.3:hotfix_1:*:*:*:*:*:*", matchCriteriaId: "3D85361A-B19D-444A-A075-73DF234C081B", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2019.3:hotfix_2:*:*:*:*:*:*", matchCriteriaId: "8F7898E8-E540-4775-943C-26A4A7A7BA60", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2019.3:hotfix_3:*:*:*:*:*:*", matchCriteriaId: "5C6290F4-E5E6-4146-982E-9CB0FC693B5C", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2020.2:-:*:*:*:*:*:*", matchCriteriaId: "9A3FB713-593D-4CF4-97EE-10498DF3B008", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2020.2:hotfix_1:*:*:*:*:*:*", matchCriteriaId: "1AF37BF8-1921-4D94-89D3-7890F2DA7048", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2020.2:hotfix_2:*:*:*:*:*:*", matchCriteriaId: "7A1EAD58-4213-4340-9019-543A223C155D", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2021.2:-:*:*:*:*:*:*", matchCriteriaId: "E8799159-8E69-4463-96D9-920E64A675B4", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_1:*:*:*:*:*:*", matchCriteriaId: "DDAE8B1C-5799-4FCB-AA1F-E01C72C545B1", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2021.2:hotfix_2:*:*:*:*:*:*", matchCriteriaId: "BAB28476-5965-441D-AAEF-F76F7C599F3F", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2022.0:-:*:*:*:*:*:*", matchCriteriaId: "23B89172-71E0-482F-ABD9-E640EE18E1B4", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2022.0:hotfix_1:*:*:*:*:*:*", matchCriteriaId: "C7E432F3-925E-4120-9568-F679302A26B2", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:2022.1:*:*:*:*:*:*:*", matchCriteriaId: "CA85576C-0D0E-4724-AC3F-0FCB9B4F7D2E", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:*", matchCriteriaId: "CE08EFFE-4D11-4CFD-A013-4ABEB5D8D36F", versionEndExcluding: "2019.6", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:*", matchCriteriaId: "72B1AA4E-8E9C-40C3-9402-92B64BE19D83", versionEndExcluding: "2020.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:*", matchCriteriaId: "400ADD0C-F69C-41DF-B682-5DE90B2BC142", versionEndExcluding: "2021.4", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:*", matchCriteriaId: "D53B7E4C-4F2E-428D-A6CB-D4F2FB5865B0", versionEndExcluding: "2022.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*", matchCriteriaId: "EA8C5795-C1E7-4E84-BAFD-A2F16DCD0B51", versionEndExcluding: "2019.7", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*", matchCriteriaId: "DC07E959-8A9E-448D-9E4F-EF7D41C4B1A7", versionEndExcluding: "2020.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*", matchCriteriaId: "DD6A1944-2576-406F-8010-9080C68654D5", versionEndExcluding: "2021.4", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*", matchCriteriaId: "7AAFCE8D-C6FA-4179-BBD8-134F91261FEC", versionEndExcluding: "2022.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*", matchCriteriaId: "34EEF338-800E-4350-BC57-815A4AC19523", versionEndExcluding: "2019.2.4", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*", matchCriteriaId: "655285C9-9DBC-4DA3-8A53-7D87A2CFFBF7", versionEndExcluding: "2020.2.6", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*", matchCriteriaId: "81E7B898-A0C4-4458-8389-3310A2A889AE", versionEndExcluding: "2021.1.5", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:revit:2022:*:*:*:*:*:*:*", matchCriteriaId: "70FD96A0-AC16-4E51-B4C1-6BB14C2D905A", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:storm_and_sanitary_analysis:*:*:*:*:*:*:*:*", matchCriteriaId: "A7FDF255-2066-4115-83BC-D38DD09A8E6A", versionEndExcluding: "2020.3.1", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:storm_and_sanitary_analysis:*:*:*:*:*:*:*:*", matchCriteriaId: "C2591CF9-EA06-4EEC-9A13-80CE6864C08A", versionEndExcluding: "2021.3.1", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:storm_and_sanitary_analysis:2019:*:*:*:*:*:*:*", matchCriteriaId: "9AC1FC52-ACBC-4119-B42E-0297375B4522", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:storm_and_sanitary_analysis:2022:*:*:*:*:*:*:*", matchCriteriaId: "AEAA2573-ABD3-4379-ADBE-A0508D2D38EF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.", }, { lang: "es", value: "Un archivo TIFF, PICT, TGA o RLC diseñado de forma maliciosa en el componente de procesamiento de imágenes de Autodesk puede usarse para escribir más allá del búfer asignado mientras se analizan los archivos TIFF, PICT, TGA o RLC. Esta vulnerabilidad puede ser explotada para ejecutar código arbitrario", }, ], id: "CVE-2021-40165", lastModified: "2024-11-21T06:23:42.460", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-10-07T18:15:14.650", references: [ { source: "psirt@autodesk.com", tags: [ "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011", }, ], sourceIdentifier: "psirt@autodesk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-27 19:15
Modified
2024-11-21 07:48
Severity ?
Summary
A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities. Exploitation of these vulnerabilities may lead to code execution.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:alias:*:*:*:*:*:*:*:*", matchCriteriaId: "19760052-9480-46D8-B5A3-7F6FE3F74ED6", versionEndExcluding: "2023.1.1", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", matchCriteriaId: "5269098B-1C20-4754-99F9-0A6B97E1490D", versionEndExcluding: "2020.1.6", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", matchCriteriaId: "00EACCCC-CD89-490B-BBC1-F06EA6867AFD", versionEndExcluding: "2021.1.3", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", matchCriteriaId: "5829F52D-F61C-4B79-B724-3388B1B1723A", versionEndExcluding: "2022.1.3", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", matchCriteriaId: "70C48E66-DF91-4F0B-B93D-F6372BFC55C9", versionEndExcluding: "2023.1.1", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", matchCriteriaId: "B85E0DDB-60A9-4AEA-BAA3-34E8DF25BF96", versionEndExcluding: "2020.1.6", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", matchCriteriaId: "179FB815-E469-42A1-91CB-B766891C7552", versionEndExcluding: "2021.1.3", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", matchCriteriaId: "CCB04040-8C83-4381-B762-61F0ED8C8CC0", versionEndExcluding: "2022.1.3", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", matchCriteriaId: "57C7CD03-53D7-4224-82AE-F7CD929E3F92", versionEndExcluding: "2023.1.1", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", matchCriteriaId: "05FD0056-F524-4475-BB41-0A4CC6E7A3EA", versionEndExcluding: "2020.1.6", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", matchCriteriaId: "ADE81778-A65F-4A23-BDAC-AC28434E0887", versionEndExcluding: "2021.1.3", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", matchCriteriaId: "D042F7CF-2694-437E-B60A-4C324EBAB1F0", versionEndExcluding: "2022.1.3", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", matchCriteriaId: "DF68C32D-7015-4513-BEB2-2CFD08DC799B", versionEndExcluding: "2023.1.1", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "C5FC936E-91AC-4810-9A34-7384096A4922", versionEndExcluding: "2020.1.6", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "D284FACA-DB0C-4182-96B7-F46EE28B0C54", versionEndExcluding: "2021.1.3", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "5A628855-3BE7-4B40-AFB7-7819CBD88D21", versionEndExcluding: "2022.1.3", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "A42B62B9-0ABA-4BE8-9115-6E633664FCE6", versionEndExcluding: "2023.1.1", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", matchCriteriaId: "6A46B444-4436-4101-ABF8-DCF3F4E75D18", versionEndExcluding: "2020.1.6", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", matchCriteriaId: "E8994887-8E6A-4F6D-8A52-AB676E251B9F", versionEndExcluding: "2021.1.3", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", matchCriteriaId: "731F5891-D398-49AE-BA04-179D9FD18ED2", versionEndExcluding: "2022.1.3", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", matchCriteriaId: "E009D956-E27B-435B-A308-9279A7DA2087", versionEndExcluding: "2023.1.1", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", matchCriteriaId: "07A37B8B-7345-463B-A074-D8C2F242A311", versionEndExcluding: "2020.1.6", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", matchCriteriaId: "85F1017C-4552-4A97-B911-8785EF5DC9A6", versionEndExcluding: "2021.1.3", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", matchCriteriaId: "0982CCA5-8834-43D7-8596-F330D7A0A52B", versionEndExcluding: "2022.1.3", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", matchCriteriaId: "B937A033-FDA2-461E-8697-2341A9DE23DB", versionEndExcluding: "2023.1.1", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "A971D35C-8570-48E2-A6A6-0B2B5966BA56", versionEndExcluding: "2020.1.6", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "4C0FA7D7-85D0-4E32-950E-1DE6D0C4342C", versionEndExcluding: "2021.1.3", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "6FABCBE5-BF7B-4D2E-A886-8D38B3B82872", versionEndExcluding: "2022.1.3", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "19A43BB0-22A6-4715-B556-1DE7CDCAF616", versionEndExcluding: "2023.1.1", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", matchCriteriaId: "CF5BB84E-2F7B-4CC5-81F2-884562C1A18A", versionEndExcluding: "2020.1.6", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", matchCriteriaId: "3E60EF97-0AA1-480F-B03E-26709C58030F", versionEndExcluding: "2021.1.3", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", matchCriteriaId: "EC2B3E51-4AAD-4A1E-951D-6428A0C8D6BA", versionEndExcluding: "2022.1.3", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", matchCriteriaId: "DE681603-E303-4759-B301-37BACF233C76", versionEndExcluding: "2023.1.1", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", matchCriteriaId: "29A021AB-AFB3-473C-8111-AB0C9D10C805", versionEndExcluding: "2020.1.6", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", matchCriteriaId: "48F4A0E1-8004-40DF-8700-35B6BE99F3C0", versionEndExcluding: "2021.1.3", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", matchCriteriaId: "D1456E3E-3B38-42E2-96FE-B14361E30CB2", versionEndExcluding: "2022.1.3", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", matchCriteriaId: "E9601144-D1E1-4F8A-A6C0-447E17F14337", versionEndExcluding: "2023.1.1", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "2AA1C57D-9B7E-438B-AD71-784F29B8A185", versionEndExcluding: "2020.1.6", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "21BE9909-DAA0-4A7C-8AAA-42A984FA0AF0", versionEndExcluding: "2021.1.3", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "74942A53-8D7E-4706-B9C3-EB1C03488684", versionEndExcluding: "2022.1.3", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "4B95D329-E683-4128-8FC4-300CA974F1F1", versionEndExcluding: "2023.1.1", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:*:*:*:*:*:*:*:*", matchCriteriaId: "FE68AFE1-0F44-4B37-87E5-C7D658186425", versionEndExcluding: "2021.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:*:*:*:*:*:*:*:*", matchCriteriaId: "089B7B95-60DC-44AD-A3A8-0F4844CEFB22", versionEndExcluding: "2022.1", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:*:*:*:*:*:*:*:*", matchCriteriaId: "1F89B484-5A9E-4C22-A9F7-976EF556C08A", versionEndExcluding: "2023.1", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:*", matchCriteriaId: "DB97A508-D0AC-47D2-8CA3-156063FFC136", versionEndExcluding: "2021.5", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:*", matchCriteriaId: "D35916C1-A782-42AC-B4D4-4131D8F430C3", versionEndExcluding: "2022.4", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:*", matchCriteriaId: "7A104E6A-8018-4F7F-ADBB-C1F3B29E4F8A", versionEndExcluding: "2023.3.1", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:maya_usd:*:*:*:*:*:*:*:*", matchCriteriaId: "8389D668-78CB-4CF9-85E0-E37A10D35698", versionEndExcluding: "2022.5", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:maya_usd:*:*:*:*:*:*:*:*", matchCriteriaId: "35B34667-2549-4EEE-B4F6-930DF7A7A8EA", versionEndExcluding: "2023.3", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*", matchCriteriaId: "BB7E7583-0389-4959-B08E-BA433A32A84C", versionEndExcluding: "2022.4", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*", matchCriteriaId: "E32A04AB-5C19-4328-9240-5A030E904726", versionEndExcluding: "2023.2", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*", matchCriteriaId: "3392ACCC-079C-4AF8-A0A8-408711C9D094", versionEndExcluding: "2021.1.8", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:vred:*:*:*:*:*:*:*:*", matchCriteriaId: "CDF50B0E-69C5-4AD9-8C85-E695834E51BE", versionEndExcluding: "2023.4", versionStartIncluding: "2023", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities. Exploitation of these vulnerabilities may lead to code execution.", }, ], id: "CVE-2023-25004", lastModified: "2024-11-21T07:48:54.893", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-06-27T19:15:09.383", references: [ { source: "psirt@autodesk.com", tags: [ "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009", }, ], sourceIdentifier: "psirt@autodesk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-23 19:15
Modified
2024-11-21 06:23
Severity ?
Summary
PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@autodesk.com | https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | revit | * | |
| autodesk | revit | * | |
| autodesk | revit | * | |
| autodesk | navisworks | * | |
| autodesk | navisworks | * | |
| autodesk | navisworks | * | |
| autodesk | navisworks | * | |
| autodesk | advance_steel | * | |
| autodesk | autocad | * | |
| autodesk | autocad | * | |
| autodesk | autocad_architecture | * | |
| autodesk | autocad_electrical | * | |
| autodesk | autocad_lt | * | |
| autodesk | autocad_lt | * | |
| autodesk | autocad_map_3d | * | |
| autodesk | autocad_mechanical | * | |
| autodesk | autocad_mep | * | |
| autodesk | autocad_plant_3d | * | |
| autodesk | civil_3d | * | |
| autodesk | design_review | 2018 | |
| autodesk | design_review | 2018 | |
| autodesk | design_review | 2018 | |
| autodesk | design_review | 2018 | |
| autodesk | design_review | 2018 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*", matchCriteriaId: "6DCAF9B0-8B1F-4625-B04F-DECB699C9770", versionEndExcluding: "2020.2.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*", matchCriteriaId: "A9BBB8FC-C689-4DF6-B79D-248C0144A5EC", versionEndExcluding: "2021.1.4", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*", matchCriteriaId: "A29624C7-516C-4E7E-B1FE-43ED3188BC70", versionEndExcluding: "2022.1", versionStartIncluding: "2022", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*", matchCriteriaId: "70EC1A64-F7DD-4835-969F-A9051F06CB60", versionEndExcluding: "2019.6", versionStartIncluding: "2019", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*", matchCriteriaId: "FB5C1908-9829-46DE-881F-57277490BE71", versionEndExcluding: "2020.4", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*", matchCriteriaId: "AE821566-76A8-43D6-9628-B82CFE9FAC19", versionEndExcluding: "2021.3", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*", matchCriteriaId: "CE0E4388-28DB-4D72-BA69-882A121C8C9A", versionEndExcluding: "2022.1", versionStartIncluding: "2022", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*", matchCriteriaId: "67E62F6D-C9D2-4129-A25A-468F150BA2CB", versionEndExcluding: "2022.1.1", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", matchCriteriaId: "4104E0A8-E133-41F9-A60A-368FD2DCC1A3", versionEndExcluding: "2022.1.1", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:macos:*:*", matchCriteriaId: "F7B0B566-F23E-4637-8611-8D055A90F421", versionEndExcluding: "2022.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", matchCriteriaId: "D42D33AA-39DC-4B60-A87F-2B9A41390EDA", versionEndExcluding: "2022.1.1", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", matchCriteriaId: "D2D4CB47-D77A-4ACA-A606-3E7880729E0C", versionEndExcluding: "2022.1.1", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", matchCriteriaId: "E813870A-AAB5-491F-8ECA-587432AD9935", versionEndExcluding: "2022.1.1", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:*", matchCriteriaId: "FF16B57E-C704-43BE-94F5-F09493257323", versionEndExcluding: "2022.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "1172D845-0F80-45EC-95D6-911556D4032D", versionEndExcluding: "2022.1.1", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", matchCriteriaId: "047BD11C-74A7-47AA-A593-BAACD00D2B89", versionEndExcluding: "2022.1.1", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", matchCriteriaId: "C926403A-E06B-45A7-9693-CF0B78C7C627", versionEndExcluding: "2022.1.1", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "C3807591-D6E0-4BB6-9573-C318A9D4EF60", versionEndExcluding: "2022.1.1", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "B4C8F3C7-F830-4138-99BD-064F969E4929", versionEndExcluding: "2022.1.1", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:design_review:2018:-:*:*:*:*:*:*", matchCriteriaId: "213232B9-A40B-436D-A66A-B65C49D59BE6", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:design_review:2018:hotfix:*:*:*:*:*:*", matchCriteriaId: "2D0CF4DC-ACA5-41D0-B28E-CEB5D2C96F71", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:design_review:2018:hotfix2:*:*:*:*:*:*", matchCriteriaId: "84ED1789-A17F-48F7-A152-09D2A5C59254", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:design_review:2018:hotfix3:*:*:*:*:*:*", matchCriteriaId: "74819924-EB63-4BBF-9986-FEF6100EEE15", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:design_review:2018:hotfix4:*:*:*:*:*:*", matchCriteriaId: "100922EF-C773-4798-B352-B16FCAD48F36", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code.", }, { lang: "es", value: "PDFTron antes de la versión 9.0.7 puede ser forzado a leer más allá de los límites asignados al analizar un archivo PDF malicioso. Esta vulnerabilidad puede ser explotada para ejecutar código arbitrario", }, ], id: "CVE-2021-40160", lastModified: "2024-11-21T06:23:41.700", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-23T19:15:12.117", references: [ { source: "psirt@autodesk.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010", }, ], sourceIdentifier: "psirt@autodesk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-23 19:15
Modified
2024-11-21 06:23
Severity ?
Summary
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@autodesk.com | https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*", matchCriteriaId: "8579FBF7-DA4C-48D2-8F9A-2D96D1CBF9A0", versionEndExcluding: "2020.2.5", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*", matchCriteriaId: "26E05A0E-6DBE-4DC0-A491-2A4419EA8835", versionEndExcluding: "2021.1.6", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*", matchCriteriaId: "3F027164-A465-47C3-B92C-56A9D8759905", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*", matchCriteriaId: "9AFAEAD3-55FC-4918-8B74-B78975266C82", versionEndExcluding: "2019.6", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*", matchCriteriaId: "FB5C1908-9829-46DE-881F-57277490BE71", versionEndExcluding: "2020.4", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*", matchCriteriaId: "AE821566-76A8-43D6-9628-B82CFE9FAC19", versionEndExcluding: "2021.3", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*", matchCriteriaId: "7AAFCE8D-C6FA-4179-BBD8-134F91261FEC", versionEndExcluding: "2022.2", versionStartIncluding: "2022", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*", matchCriteriaId: "63ABBBCD-A869-47D6-BBBF-30E03F0DCC33", versionEndExcluding: "2019.1.4", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*", matchCriteriaId: "525AD44E-386E-42C9-8B2E-90F29855DF4A", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*", matchCriteriaId: "7CDC63B1-6EA4-48C6-998A-A86A82A74BD4", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*", matchCriteriaId: "E1BE9431-DC86-4ABB-8EE2-9FADA3B0AEBA", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", matchCriteriaId: "0203EC49-7943-4759-B62D-334FAF6B7A83", versionEndExcluding: "2019.1.4", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", matchCriteriaId: "87941CE7-7F89-4A09-BBE8-A0D829273A63", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", matchCriteriaId: "6F98B75B-1471-42A7-BCDA-95F7E65B7FD1", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", matchCriteriaId: "2C5F50DF-4792-4A29-BB21-5821CA5E3A22", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", matchCriteriaId: "F1E40E1E-9B7F-4DB9-BB85-2832297135BC", versionEndExcluding: "2019.1.4", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", matchCriteriaId: "F616B84F-B471-43B9-BC5D-BA6CCE461F56", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", matchCriteriaId: "AD0B37E9-4987-4B96-9B31-6168961E1496", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", matchCriteriaId: "E9466EE6-83C9-492F-8486-F3E6C1DD9F5A", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", matchCriteriaId: "D23CAABD-FB77-4365-B7BC-4330315672AA", versionEndExcluding: "2019.1.4", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", matchCriteriaId: "E716111F-273B-48DF-ADEA-44BADE5E7FEB", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", matchCriteriaId: "71FA0271-BE55-48AD-B88D-34645684E9DE", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", matchCriteriaId: "6DD91E39-A3D8-4806-A778-608FD6C29BB2", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "F1BA4DE9-CCBC-4A08-B6C8-F50490BA2283", versionEndExcluding: "2019.1.4", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "D9184783-2476-4ED0-9F05-CA2AC68446B3", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "752B8F1C-54E3-4985-97A4-86FBF13E6BFD", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "120326C3-E212-4341-A25D-BC3DD50CF228", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", matchCriteriaId: "8167B5BF-1B06-414F-9088-A126D7C06515", versionEndExcluding: "2019.1.4", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", matchCriteriaId: "5BAA6D71-2B11-4490-A1C4-652347582EF6", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", matchCriteriaId: "6F78C528-605C-46F3-8CF0-828B682745B3", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", matchCriteriaId: "B117299A-C5FE-419F-9C1C-DF58A2772055", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", matchCriteriaId: "117BA468-7345-4FEA-A0E3-D4110F7472C3", versionEndExcluding: "2019.1.4", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", matchCriteriaId: "CBC04C9D-9E69-4CB7-BF7A-D3B8C0670114", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", matchCriteriaId: "8E140DC9-7000-48ED-A5C7-B23023DFB199", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", matchCriteriaId: "CC178212-E440-46E9-9F00-60A5516D4D72", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "7D8E7984-95F9-4FF4-AEBB-D60DF9F83D65", versionEndExcluding: "2019.1.4", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "C2A2E5FC-9717-47C1-A223-F90DC572DAB0", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "984491F0-8303-4C6C-B884-00C032D797DD", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "7ED0DB1D-6F37-4C1B-B55E-42F3A4E34299", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", matchCriteriaId: "61A9231D-C524-49F5-A8D1-7D70D8034F5D", versionEndExcluding: "2019.1.4", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", matchCriteriaId: "0E59ACB5-8745-46A8-889E-005DEA38925B", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", matchCriteriaId: "CFFE146F-4AB2-45B2-9F87-52DD8DC26B85", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", matchCriteriaId: "D01E3771-86FD-483D-BCCB-1B1CDD4C482F", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "1885BB08-EF19-4780-92F0-1ED4B18F0DB3", versionEndExcluding: "2019.1.4", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "EE4E278B-360E-4F00-8479-9531EB417269", versionEndExcluding: "2020.1.5", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "577AEF72-23CC-45D9-B391-8A3D79DAB5BA", versionEndExcluding: "2021.1.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "82C21398-6A86-4E56-A98E-E80FFCC6732E", versionEndExcluding: "2022.1.2", versionStartIncluding: "2022", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:macos:*:*", matchCriteriaId: "9E2CC26F-F7B5-4BA6-A243-B22A37347A42", versionEndExcluding: "2022.2", versionStartExcluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad:2020:*:*:*:*:macos:*:*", matchCriteriaId: "5EF0E224-30B2-4A78-89A8-036304BBCE48", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad:2021:*:*:*:*:macos:*:*", matchCriteriaId: "2FB00DBF-2EC2-433F-9987-189729A46314", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad:2022:*:*:*:*:macos:*:*", matchCriteriaId: "68FC54D1-B4FC-404E-9742-72F8340FE3C7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:macos:*:*", matchCriteriaId: "FF16B57E-C704-43BE-94F5-F09493257323", versionEndExcluding: "2022.2", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:2020:*:*:*:*:macos:*:*", matchCriteriaId: "FC750C20-98CA-401E-B0AF-5013CE9CB319", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:2021:*:*:*:*:macos:*:*", matchCriteriaId: "164EB7AD-8B17-48E1-A73D-5E5D0012B360", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:design_review:2018:-:*:*:*:*:*:*", matchCriteriaId: "213232B9-A40B-436D-A66A-B65C49D59BE6", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:design_review:2018:hotfix:*:*:*:*:*:*", matchCriteriaId: "2D0CF4DC-ACA5-41D0-B28E-CEB5D2C96F71", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:design_review:2018:hotfix2:*:*:*:*:*:*", matchCriteriaId: "84ED1789-A17F-48F7-A152-09D2A5C59254", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:design_review:2018:hotfix3:*:*:*:*:*:*", matchCriteriaId: "74819924-EB63-4BBF-9986-FEF6100EEE15", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:design_review:2018:hotfix4:*:*:*:*:*:*", matchCriteriaId: "100922EF-C773-4798-B352-B16FCAD48F36", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version.", }, { lang: "es", value: "Una vulnerabilidad de corrupción de memoria puede conducir a la ejecución de código a través de archivos DLL maliciosamente diseñados a través de PDFTron anterior a la versión 9.0.7", }, ], id: "CVE-2021-40161", lastModified: "2024-11-21T06:23:41.847", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-23T19:15:12.167", references: [ { source: "psirt@autodesk.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010", }, ], sourceIdentifier: "psirt@autodesk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-23 19:15
Modified
2024-11-21 07:48
Severity ?
Summary
A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Exploitation of this vulnerability may lead to code execution.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:alias:*:*:*:*:*:*:*:*", matchCriteriaId: "19760052-9480-46D8-B5A3-7F6FE3F74ED6", versionEndExcluding: "2023.1.1", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", matchCriteriaId: "5269098B-1C20-4754-99F9-0A6B97E1490D", versionEndExcluding: "2020.1.6", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", matchCriteriaId: "00EACCCC-CD89-490B-BBC1-F06EA6867AFD", versionEndExcluding: "2021.1.3", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", matchCriteriaId: "5829F52D-F61C-4B79-B724-3388B1B1723A", versionEndExcluding: "2022.1.3", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*", matchCriteriaId: "70C48E66-DF91-4F0B-B93D-F6372BFC55C9", versionEndExcluding: "2023.1.1", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", matchCriteriaId: "B85E0DDB-60A9-4AEA-BAA3-34E8DF25BF96", versionEndExcluding: "2020.1.6", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", matchCriteriaId: "179FB815-E469-42A1-91CB-B766891C7552", versionEndExcluding: "2021.1.3", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", matchCriteriaId: "CCB04040-8C83-4381-B762-61F0ED8C8CC0", versionEndExcluding: "2022.1.3", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_advance_steel:*:*:*:*:*:*:*:*", matchCriteriaId: "57C7CD03-53D7-4224-82AE-F7CD929E3F92", versionEndExcluding: "2023.1.1", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", matchCriteriaId: "05FD0056-F524-4475-BB41-0A4CC6E7A3EA", versionEndExcluding: "2020.1.6", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", matchCriteriaId: "ADE81778-A65F-4A23-BDAC-AC28434E0887", versionEndExcluding: "2021.1.3", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", matchCriteriaId: "D042F7CF-2694-437E-B60A-4C324EBAB1F0", versionEndExcluding: "2022.1.3", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*", matchCriteriaId: "DF68C32D-7015-4513-BEB2-2CFD08DC799B", versionEndExcluding: "2023.1.1", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "C5FC936E-91AC-4810-9A34-7384096A4922", versionEndExcluding: "2020.1.6", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "D284FACA-DB0C-4182-96B7-F46EE28B0C54", versionEndExcluding: "2021.1.3", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "5A628855-3BE7-4B40-AFB7-7819CBD88D21", versionEndExcluding: "2022.1.3", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_civil_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "A42B62B9-0ABA-4BE8-9115-6E633664FCE6", versionEndExcluding: "2023.1.1", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", matchCriteriaId: "6A46B444-4436-4101-ABF8-DCF3F4E75D18", versionEndExcluding: "2020.1.6", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", matchCriteriaId: "E8994887-8E6A-4F6D-8A52-AB676E251B9F", versionEndExcluding: "2021.1.3", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", matchCriteriaId: "731F5891-D398-49AE-BA04-179D9FD18ED2", versionEndExcluding: "2022.1.3", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*", matchCriteriaId: "E009D956-E27B-435B-A308-9279A7DA2087", versionEndExcluding: "2023.1.1", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", matchCriteriaId: "07A37B8B-7345-463B-A074-D8C2F242A311", versionEndExcluding: "2020.1.6", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", matchCriteriaId: "85F1017C-4552-4A97-B911-8785EF5DC9A6", versionEndExcluding: "2021.1.3", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", matchCriteriaId: "0982CCA5-8834-43D7-8596-F330D7A0A52B", versionEndExcluding: "2022.1.3", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*", matchCriteriaId: "B937A033-FDA2-461E-8697-2341A9DE23DB", versionEndExcluding: "2023.1.1", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "A971D35C-8570-48E2-A6A6-0B2B5966BA56", versionEndExcluding: "2020.1.6", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "4C0FA7D7-85D0-4E32-950E-1DE6D0C4342C", versionEndExcluding: "2021.1.3", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "6FABCBE5-BF7B-4D2E-A886-8D38B3B82872", versionEndExcluding: "2022.1.3", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "19A43BB0-22A6-4715-B556-1DE7CDCAF616", versionEndExcluding: "2023.1.1", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", matchCriteriaId: "CF5BB84E-2F7B-4CC5-81F2-884562C1A18A", versionEndExcluding: "2020.1.6", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", matchCriteriaId: "3E60EF97-0AA1-480F-B03E-26709C58030F", versionEndExcluding: "2021.1.3", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", matchCriteriaId: "EC2B3E51-4AAD-4A1E-951D-6428A0C8D6BA", versionEndExcluding: "2022.1.3", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*", matchCriteriaId: "DE681603-E303-4759-B301-37BACF233C76", versionEndExcluding: "2023.1.1", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", matchCriteriaId: "29A021AB-AFB3-473C-8111-AB0C9D10C805", versionEndExcluding: "2020.1.6", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", matchCriteriaId: "48F4A0E1-8004-40DF-8700-35B6BE99F3C0", versionEndExcluding: "2021.1.3", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", matchCriteriaId: "D1456E3E-3B38-42E2-96FE-B14361E30CB2", versionEndExcluding: "2022.1.3", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*", matchCriteriaId: "E9601144-D1E1-4F8A-A6C0-447E17F14337", versionEndExcluding: "2023.1.1", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "2AA1C57D-9B7E-438B-AD71-784F29B8A185", versionEndExcluding: "2020.1.6", versionStartIncluding: "2020", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "21BE9909-DAA0-4A7C-8AAA-42A984FA0AF0", versionEndExcluding: "2021.1.3", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "74942A53-8D7E-4706-B9C3-EB1C03488684", versionEndExcluding: "2022.1.3", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*", matchCriteriaId: "4B95D329-E683-4128-8FC4-300CA974F1F1", versionEndExcluding: "2023.1.1", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:*:*:*:*:*:*:*:*", matchCriteriaId: "FE68AFE1-0F44-4B37-87E5-C7D658186425", versionEndExcluding: "2021.2", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:*:*:*:*:*:*:*:*", matchCriteriaId: "089B7B95-60DC-44AD-A3A8-0F4844CEFB22", versionEndExcluding: "2022.1", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:infraworks:*:*:*:*:*:*:*:*", matchCriteriaId: "1F89B484-5A9E-4C22-A9F7-976EF556C08A", versionEndExcluding: "2023.1", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:*", matchCriteriaId: "DB97A508-D0AC-47D2-8CA3-156063FFC136", versionEndExcluding: "2021.5", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:*", matchCriteriaId: "D35916C1-A782-42AC-B4D4-4131D8F430C3", versionEndExcluding: "2022.4", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:*", matchCriteriaId: "7A104E6A-8018-4F7F-ADBB-C1F3B29E4F8A", versionEndExcluding: "2023.3.1", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:maya_usd:*:*:*:*:*:*:*:*", matchCriteriaId: "8389D668-78CB-4CF9-85E0-E37A10D35698", versionEndExcluding: "2022.5", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:maya_usd:*:*:*:*:*:*:*:*", matchCriteriaId: "35B34667-2549-4EEE-B4F6-930DF7A7A8EA", versionEndExcluding: "2023.3", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*", matchCriteriaId: "BB7E7583-0389-4959-B08E-BA433A32A84C", versionEndExcluding: "2022.4", versionStartIncluding: "2022", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:navisworks:*:*:*:*:*:*:*:*", matchCriteriaId: "E32A04AB-5C19-4328-9240-5A030E904726", versionEndExcluding: "2023.2", versionStartIncluding: "2023", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*", matchCriteriaId: "3392ACCC-079C-4AF8-A0A8-408711C9D094", versionEndExcluding: "2021.1.8", versionStartIncluding: "2021", vulnerable: true, }, { criteria: "cpe:2.3:a:autodesk:vred:*:*:*:*:*:*:*:*", matchCriteriaId: "CDF50B0E-69C5-4AD9-8C85-E695834E51BE", versionEndExcluding: "2023.4", versionStartIncluding: "2023", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Exploitation of this vulnerability may lead to code execution.", }, ], id: "CVE-2023-25003", lastModified: "2024-11-21T07:48:54.767", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-06-23T19:15:08.983", references: [ { source: "psirt@autodesk.com", tags: [ "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009", }, ], sourceIdentifier: "psirt@autodesk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }