All the vulnerabilites related to Autodesk - AutoCAD
cve-2024-8598
Vulnerability from cvelistv5
Published
2024-10-29 21:12
Modified
2024-10-30 15:02
Summary
A maliciously crafted STP file when parsed in ACTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8598",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:41.264504Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:02:15.403Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted STP file when parsed in ACTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.\u0026nbsp;"
            }
          ],
          "value": "A maliciously crafted STP file when parsed in ACTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-29T21:12:53.738Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD ACTranslators STEP File Parsing Memory Corruption Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-8598",
    "datePublished": "2024-10-29T21:12:53.738Z",
    "dateReserved": "2024-09-09T05:03:22.098Z",
    "dateUpdated": "2024-10-30T15:02:15.403Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-41310
Vulnerability from cvelistv5
Published
2022-10-21 00:00
Modified
2024-08-03 12:42
Severity ?
Summary
A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:42:45.331Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk Design Review",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2018,\u00a02017,\u00a02013, 2012, 2011"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory corruption Read",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-21T00:00:00",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2022-41310",
    "datePublished": "2022-10-21T00:00:00",
    "dateReserved": "2022-09-21T00:00:00",
    "dateUpdated": "2024-08-03T12:42:45.331Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-0819
Vulnerability from cvelistv5
Published
2014-02-22 21:00
Modified
2024-08-06 09:27
Severity ?
Summary
Untrusted search path vulnerability in Autodesk AutoCAD before 2014 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
References
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000020third-party-advisory, x_refsource_JVNDB
http://jvn.jp/en/jp/JVN43254599/index.htmlthird-party-advisory, x_refsource_JVN
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:27:20.140Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVNDB-2014-000020",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000020"
          },
          {
            "name": "JVN#43254599",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN43254599/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-02-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Untrusted search path vulnerability in Autodesk AutoCAD before 2014 allows local users to gain privileges via a Trojan horse DLL in the current working directory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-02-22T21:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVNDB-2014-000020",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000020"
        },
        {
          "name": "JVN#43254599",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN43254599/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2014-0819",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Untrusted search path vulnerability in Autodesk AutoCAD before 2014 allows local users to gain privileges via a Trojan horse DLL in the current working directory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVNDB-2014-000020",
              "refsource": "JVNDB",
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000020"
            },
            {
              "name": "JVN#43254599",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN43254599/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2014-0819",
    "datePublished": "2014-02-22T21:00:00",
    "dateReserved": "2014-01-06T00:00:00",
    "dateUpdated": "2024-08-06T09:27:20.140Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-42937
Vulnerability from cvelistv5
Published
2022-10-21 00:00
Modified
2024-08-03 13:19
Severity ?
Summary
A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:19:05.519Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk Design Review",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2018,\u00a02017,\u00a02013, 2012, 2011"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory corruption Read",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-21T00:00:00",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2022-42937",
    "datePublished": "2022-10-21T00:00:00",
    "dateReserved": "2022-10-14T00:00:00",
    "dateUpdated": "2024-08-03T13:19:05.519Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-33889
Vulnerability from cvelistv5
Published
2022-10-03 14:22
Modified
2024-08-03 08:09
Severity ?
Summary
A maliciously crafted GIF or JPEG files when parsed through Autodesk Design Review 2018, and AutoCAD 2023 and 2022 could be used to write beyond the allocated heap buffer. This vulnerability could lead to arbitrary code execution.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T08:09:22.694Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0021"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk\u00ae Design Review, Autodesk\u00ae Advance Steel, Autodesk\u00ae Civil 3D\u00ae",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2018, 2023, 2022"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A maliciously crafted GIF or JPEG files when parsed through Autodesk Design Review 2018, and AutoCAD 2023 and 2022 could be used to write beyond the allocated heap buffer. This vulnerability could lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Heap based Overflow Buffer",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-03T14:22:14",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0021"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@autodesk.com",
          "ID": "CVE-2022-33889",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Autodesk\u00ae Design Review, Autodesk\u00ae Advance Steel, Autodesk\u00ae Civil 3D\u00ae",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018, 2023, 2022"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A maliciously crafted GIF or JPEG files when parsed through Autodesk Design Review 2018, and AutoCAD 2023 and 2022 could be used to write beyond the allocated heap buffer. This vulnerability could lead to arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Heap based Overflow Buffer"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0021",
              "refsource": "MISC",
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0021"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2022-33889",
    "datePublished": "2022-10-03T14:22:14",
    "dateReserved": "2022-06-16T00:00:00",
    "dateUpdated": "2024-08-03T08:09:22.694Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-8587
Vulnerability from cvelistv5
Published
2024-10-29 21:03
Modified
2024-12-16 05:50
Summary
A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Heap Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8587",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:55.963535Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:03:53.927Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpe": [
            "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
            "cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Heap Based Buffer Overflow vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
            }
          ],
          "value": "A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Heap Based Buffer Overflow vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-16T05:50:35.741Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD SLDPRT File Parsing Heap-based Buffer Overflow Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-8587",
    "datePublished": "2024-10-29T21:03:58.156Z",
    "dateReserved": "2024-09-09T03:01:59.536Z",
    "dateUpdated": "2024-12-16T05:50:35.741Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-25791
Vulnerability from cvelistv5
Published
2022-04-11 19:37
Modified
2024-08-03 04:49
Severity ?
Summary
A Memory Corruption vulnerability for DWF and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 may lead to code execution through maliciously crafted DLL files.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:49:43.624Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2022.1.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Memory Corruption vulnerability for DWF and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 may lead to code execution through maliciously crafted DLL files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory Corruption ",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-11T19:37:51",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@autodesk.com",
          "ID": "CVE-2022-25791",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2022.1.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Memory Corruption vulnerability for DWF and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 may lead to code execution through maliciously crafted DLL files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Memory Corruption "
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005",
              "refsource": "MISC",
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2022-25791",
    "datePublished": "2022-04-11T19:37:51",
    "dateReserved": "2022-02-22T00:00:00",
    "dateUpdated": "2024-08-03T04:49:43.624Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-41309
Vulnerability from cvelistv5
Published
2022-10-21 00:00
Modified
2024-08-03 12:42
Severity ?
Summary
A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:42:45.418Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk Design Review",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2018,\u00a02017,\u00a02013, 2012, 2011"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory corruption Read",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-21T00:00:00",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2022-41309",
    "datePublished": "2022-10-21T00:00:00",
    "dateReserved": "2022-09-21T00:00:00",
    "dateUpdated": "2024-08-03T12:42:45.418Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-33890
Vulnerability from cvelistv5
Published
2022-10-03 00:00
Modified
2024-08-03 08:09
Severity ?
Summary
A maliciously crafted PCT or DWF file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T08:09:22.758Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0021"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk\u00ae Design Review,",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A maliciously crafted PCT or DWF file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory corruption",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-14T00:00:00",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0021"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2022-33890",
    "datePublished": "2022-10-03T00:00:00",
    "dateReserved": "2022-06-16T00:00:00",
    "dateUpdated": "2024-08-03T08:09:22.758Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-29074
Vulnerability from cvelistv5
Published
2023-11-23 03:36
Modified
2024-08-02 14:00
Severity ?
Summary
A maliciously crafted CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause an Out-Of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:00:15.859Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "AutoCAD, Advance Steel and Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2024, 2023"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause an Out-Of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause an Out-Of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\n"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787: Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-23T03:36:41.944Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2023-29074",
    "datePublished": "2023-11-23T03:36:41.944Z",
    "dateReserved": "2023-03-30T21:27:50.092Z",
    "dateUpdated": "2024-08-02T14:00:15.859Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-42942
Vulnerability from cvelistv5
Published
2022-10-21 00:00
Modified
2024-08-03 13:19
Severity ?
Summary
A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:19:05.528Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk Design Review",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2018,\u00a02017,\u00a02013, 2012, 2011"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory corruption vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-21T00:00:00",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2022-42942",
    "datePublished": "2022-10-21T00:00:00",
    "dateReserved": "2022-10-14T00:00:00",
    "dateUpdated": "2024-08-03T13:19:05.528Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-40166
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-04 02:27
Severity ?
Summary
A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:27:31.562Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2022, 2021, 2020, 2019"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by attackers to execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use-After-Free",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-07T00:00:00",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2021-40166",
    "datePublished": "2022-10-07T00:00:00",
    "dateReserved": "2021-08-27T00:00:00",
    "dateUpdated": "2024-08-04T02:27:31.562Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-33885
Vulnerability from cvelistv5
Published
2022-10-03 14:24
Modified
2024-08-03 08:09
Severity ?
Summary
A maliciously crafted X_B, CATIA, and PDF file when parsed through Autodesk AutoCAD 2023 and 2022 can be used to write beyond the allocated buffer. This vulnerability can lead to arbitrary code execution.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T08:09:22.685Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "utodesk\u00ae AutoCAD\u00ae, Advance Steel and Civil 3D\u00ae",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2023, 2022"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A maliciously crafted X_B, CATIA, and PDF file when parsed through Autodesk AutoCAD 2023 and 2022 can be used to write beyond the allocated buffer. This vulnerability can lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bound Write",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-03T14:24:51",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@autodesk.com",
          "ID": "CVE-2022-33885",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "utodesk\u00ae AutoCAD\u00ae, Advance Steel and Civil 3D\u00ae",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2023, 2022"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A maliciously crafted X_B, CATIA, and PDF file when parsed through Autodesk AutoCAD 2023 and 2022 can be used to write beyond the allocated buffer. This vulnerability can lead to arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Out-of-bound Write"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020",
              "refsource": "MISC",
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2022-33885",
    "datePublished": "2022-10-03T14:24:51",
    "dateReserved": "2022-06-16T00:00:00",
    "dateUpdated": "2024-08-03T08:09:22.685Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-42933
Vulnerability from cvelistv5
Published
2022-10-21 00:00
Modified
2024-08-03 13:19
Severity ?
Summary
A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:19:05.533Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk Design Review",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2018,\u00a02017,\u00a02013, 2012, 2011"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory corruption Read",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-21T00:00:00",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2022-42933",
    "datePublished": "2022-10-21T00:00:00",
    "dateReserved": "2022-10-14T00:00:00",
    "dateUpdated": "2024-08-03T13:19:05.533Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-42940
Vulnerability from cvelistv5
Published
2022-10-21 00:00
Modified
2024-08-03 13:19
Severity ?
Summary
A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:19:05.454Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk Design Review",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2018,\u00a02017,\u00a02013, 2012, 2011"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory corruption vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-21T00:00:00",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2022-42940",
    "datePublished": "2022-10-21T00:00:00",
    "dateReserved": "2022-10-14T00:00:00",
    "dateUpdated": "2024-08-03T13:19:05.454Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-25789
Vulnerability from cvelistv5
Published
2022-04-11 19:37
Modified
2024-08-03 04:49
Severity ?
Summary
A maliciously crafted DWF, 3DS and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:49:43.569Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2022.1.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A maliciously crafted DWF, 3DS and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use-after-free",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-11T19:37:50",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@autodesk.com",
          "ID": "CVE-2022-25789",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2022.1.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A maliciously crafted DWF, 3DS and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Use-after-free"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005",
              "refsource": "MISC",
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2022-25789",
    "datePublished": "2022-04-11T19:37:50",
    "dateReserved": "2022-02-22T00:00:00",
    "dateUpdated": "2024-08-03T04:49:43.569Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-7359
Vulnerability from cvelistv5
Published
2019-04-09 19:22
Modified
2024-08-04 20:46
Severity ?
Summary
An exploitable heap overflow vulnerability in the AcCellMargin handling code in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file with too many cell margins populating an AcCellMargin object may cause a heap overflow, resulting in code execution.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:46:46.278Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        },
        {
          "product": "Autodesk AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        },
        {
          "product": "Autodesk AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        },
        {
          "product": "Autodesk AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        },
        {
          "product": "Autodesk AutoCAD Map 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        },
        {
          "product": "Autodesk AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        },
        {
          "product": "Autodesk AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        },
        {
          "product": "Autodesk AutoCAD P\u0026ID",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        },
        {
          "product": "Autodesk AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        },
        {
          "product": "Autodesk AutoCAD LT",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        },
        {
          "product": "Autodesk Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An exploitable heap overflow vulnerability in the AcCellMargin handling code in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P\u0026ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file with too many cell margins populating an AcCellMargin object may cause a heap overflow, resulting in code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use After Free",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-13T16:26:16",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@autodesk.com",
          "ID": "CVE-2019-7359",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Autodesk Advance Steel",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Autodesk AutoCAD",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Autodesk AutoCAD Architecture",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Autodesk AutoCAD Electrical",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Autodesk AutoCAD Map 3D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Autodesk AutoCAD Mechanical",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Autodesk AutoCAD MEP",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Autodesk AutoCAD P\u0026ID",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Autodesk AutoCAD Plant 3D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Autodesk AutoCAD LT",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Autodesk Civil 3D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Autodesk"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An exploitable heap overflow vulnerability in the AcCellMargin handling code in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P\u0026ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file with too many cell margins populating an AcCellMargin object may cause a heap overflow, resulting in code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Use After Free"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001",
              "refsource": "MISC",
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2019-7359",
    "datePublished": "2019-04-09T19:22:56",
    "dateReserved": "2019-02-04T00:00:00",
    "dateUpdated": "2024-08-04T20:46:46.278Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-40165
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-04 02:27
Severity ?
Summary
A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:27:31.537Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2022, 2021, 2020, 2019"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Buffer Overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-07T00:00:00",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2021-40165",
    "datePublished": "2022-10-07T00:00:00",
    "dateReserved": "2021-08-27T00:00:00",
    "dateUpdated": "2024-08-04T02:27:31.537Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-27040
Vulnerability from cvelistv5
Published
2021-06-25 12:41
Modified
2024-08-03 20:40
Severity ?
Summary
A maliciously crafted DWG file can be forced to read beyond allocated boundaries when parsing the DWG file. This vulnerability can be exploited to execute arbitrary code.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:40:46.943Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1238/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1236/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-378/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-473/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2022, 2021, 2020, 2019"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A maliciously crafted DWG file can be forced to read beyond allocated boundaries when parsing the DWG file. This vulnerability can be exploited to execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bound Read Vulnerability ",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-07T16:06:28",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1238/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1236/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-378/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-473/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@autodesk.com",
          "ID": "CVE-2021-27040",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2022, 2021, 2020, 2019"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A maliciously crafted DWG file can be forced to read beyond allocated boundaries when parsing the DWG file. This vulnerability can be exploited to execute arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Out-of-bound Read Vulnerability "
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004",
              "refsource": "MISC",
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1238/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1238/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1236/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1236/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-378/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-378/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-473/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-473/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2021-27040",
    "datePublished": "2021-06-25T12:41:07",
    "dateReserved": "2021-02-09T00:00:00",
    "dateUpdated": "2024-08-03T20:40:46.943Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-7361
Vulnerability from cvelistv5
Published
2019-04-09 19:22
Modified
2024-08-04 20:46
Severity ?
Summary
An attacker may convince a victim to open a malicious action micro (.actm) file that has serialized data, which may trigger a code execution in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:46:46.387Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        },
        {
          "product": "Autodesk Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        },
        {
          "product": "Autodesk AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        },
        {
          "product": "Autodesk AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        },
        {
          "product": "Autodesk AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        },
        {
          "product": "Autodesk AutoCAD Map 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        },
        {
          "product": "Autodesk AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        },
        {
          "product": "Autodesk AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        },
        {
          "product": "Autodesk AutoCAD P\u0026ID",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        },
        {
          "product": "Autodesk AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        },
        {
          "product": "Autodesk AutoCAD LT",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An attacker may convince a victim to open a malicious action micro (.actm) file that has serialized data, which may trigger a code execution in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P\u0026ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Deserialization of Untrusted Data",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-09T19:22:15",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@autodesk.com",
          "ID": "CVE-2019-7361",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Autodesk Civil 3D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Autodesk Advance Steel",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Autodesk AutoCAD",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Autodesk AutoCAD Architecture",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Autodesk AutoCAD Electrical",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Autodesk AutoCAD Map 3D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Autodesk AutoCAD Mechanical",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Autodesk AutoCAD MEP",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Autodesk AutoCAD P\u0026ID",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Autodesk AutoCAD Plant 3D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Autodesk AutoCAD LT",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Autodesk"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An attacker may convince a victim to open a malicious action micro (.actm) file that has serialized data, which may trigger a code execution in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P\u0026ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Deserialization of Untrusted Data"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001",
              "refsource": "MISC",
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2019-7361",
    "datePublished": "2019-04-09T19:22:15",
    "dateReserved": "2019-02-04T00:00:00",
    "dateUpdated": "2024-08-04T20:46:46.387Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-8599
Vulnerability from cvelistv5
Published
2024-10-29 21:13
Modified
2024-10-30 15:02
Summary
A maliciously crafted STP file when parsed in ACTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8599",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:39.962735Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:02:07.007Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted STP file when parsed in ACTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.\u0026nbsp;"
            }
          ],
          "value": "A maliciously crafted STP file when parsed in ACTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-29T21:13:32.979Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD ACTranslators STP File Parsing Memory Corruption Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-8599",
    "datePublished": "2024-10-29T21:13:32.979Z",
    "dateReserved": "2024-09-09T05:07:41.856Z",
    "dateUpdated": "2024-10-30T15:02:07.007Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-8589
Vulnerability from cvelistv5
Published
2024-10-29 21:07
Modified
2024-10-30 15:03
Summary
A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8589",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:52.742459Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:03:37.771Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Out-of-Bounds Read vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
            }
          ],
          "value": "A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Out-of-Bounds Read vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-29T21:07:02.412Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD SLDPRT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-8589",
    "datePublished": "2024-10-29T21:07:02.412Z",
    "dateReserved": "2024-09-09T04:19:18.839Z",
    "dateUpdated": "2024-10-30T15:03:37.771Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-42934
Vulnerability from cvelistv5
Published
2022-10-21 00:00
Modified
2024-08-03 13:19
Severity ?
Summary
A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:19:05.524Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk Design Review",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2018,\u00a02017,\u00a02013, 2012, 2011"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory corruption Read",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-21T00:00:00",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2022-42934",
    "datePublished": "2022-10-21T00:00:00",
    "dateReserved": "2022-10-14T00:00:00",
    "dateUpdated": "2024-08-03T13:19:05.524Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-27912
Vulnerability from cvelistv5
Published
2023-04-14 00:00
Modified
2024-08-02 12:23
Severity ?
Summary
A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:23:29.911Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0005"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk AutoCAD",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2023"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A maliciously crafted X_B file when parsed through Autodesk\u00ae AutoCAD\u00ae 2023 can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bound Read",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-14T00:00:00",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0005"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2023-27912",
    "datePublished": "2023-04-14T00:00:00",
    "dateReserved": "2023-03-07T00:00:00",
    "dateUpdated": "2024-08-02T12:23:29.911Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-27914
Vulnerability from cvelistv5
Published
2023-04-14 00:00
Modified
2024-08-02 12:23
Severity ?
Summary
A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can be used to write beyond the allocated buffer causing a Stack Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:23:30.583Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0005"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk AutoCAD",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2023"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A maliciously crafted X_B file when parsed through Autodesk\u00ae AutoCAD\u00ae 2023 can be used to write beyond the allocated buffer causing a Stack Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Stack Buffer Overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-14T00:00:00",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0005"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2023-27914",
    "datePublished": "2023-04-14T00:00:00",
    "dateReserved": "2023-03-07T00:00:00",
    "dateUpdated": "2024-08-02T12:23:30.583Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-41139
Vulnerability from cvelistv5
Published
2023-11-23 03:53
Modified
2024-08-02 18:54
Severity ?
Summary
A maliciously crafted STP file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:54:03.927Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "AutoCAD, Advance Steel and Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2024, 2023"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted STP file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted STP file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.\n"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-822",
              "description": "CWE-822: Untrusted Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-23T03:53:09.761Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2023-41139",
    "datePublished": "2023-11-23T03:53:09.761Z",
    "dateReserved": "2023-08-23T17:55:48.799Z",
    "dateUpdated": "2024-08-02T18:54:03.927Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-0818
Vulnerability from cvelistv5
Published
2014-02-22 21:00
Modified
2024-08-06 09:27
Severity ?
Summary
Untrusted search path vulnerability in Autodesk AutoCAD before 2014 allows local users to gain privileges and execute arbitrary VBScript code via a Trojan horse FAS file in the FAS file search path.
References
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000019third-party-advisory, x_refsource_JVNDB
http://jvn.jp/en/jp/JVN33382534/index.htmlthird-party-advisory, x_refsource_JVN
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:27:20.160Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVNDB-2014-000019",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000019"
          },
          {
            "name": "JVN#33382534",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN33382534/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-02-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Untrusted search path vulnerability in Autodesk AutoCAD before 2014 allows local users to gain privileges and execute arbitrary VBScript code via a Trojan horse FAS file in the FAS file search path."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-02-24T05:57:03",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVNDB-2014-000019",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000019"
        },
        {
          "name": "JVN#33382534",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN33382534/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2014-0818",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Untrusted search path vulnerability in Autodesk AutoCAD before 2014 allows local users to gain privileges and execute arbitrary VBScript code via a Trojan horse FAS file in the FAS file search path."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVNDB-2014-000019",
              "refsource": "JVNDB",
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000019"
            },
            {
              "name": "JVN#33382534",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN33382534/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2014-0818",
    "datePublished": "2014-02-22T21:00:00",
    "dateReserved": "2014-01-06T00:00:00",
    "dateUpdated": "2024-08-06T09:27:20.160Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-40159
Vulnerability from cvelistv5
Published
2022-01-25 00:00
Modified
2024-08-04 02:27
Severity ?
Summary
An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022, 2021, 2020, 2019 in conjunction with other vulnerabilities may lead to code execution through maliciously crafted JT files in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:27:31.832Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-282/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-289/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Inventor",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2022, 2021, 2020, 2019"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022, 2021, 2020, 2019 in conjunction with other vulnerabilities may lead to code execution through maliciously crafted JT files in the context of the current process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-07T00:00:00",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-282/"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-289/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2021-40159",
    "datePublished": "2022-01-25T00:00:00",
    "dateReserved": "2021-08-27T00:00:00",
    "dateUpdated": "2024-08-04T02:27:31.832Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-42936
Vulnerability from cvelistv5
Published
2022-10-21 00:00
Modified
2024-08-03 13:19
Severity ?
Summary
A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:19:05.535Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk Design Review",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2018,\u00a02017,\u00a02013, 2012, 2011"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory corruption Read",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-21T00:00:00",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2022-42936",
    "datePublished": "2022-10-21T00:00:00",
    "dateReserved": "2022-10-14T00:00:00",
    "dateUpdated": "2024-08-03T13:19:05.535Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-42939
Vulnerability from cvelistv5
Published
2022-10-21 00:00
Modified
2024-08-03 13:19
Severity ?
Summary
A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:19:05.494Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk Design Review",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2018,\u00a02017,\u00a02013, 2012, 2011"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory corruption vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-21T00:00:00",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2022-42939",
    "datePublished": "2022-10-21T00:00:00",
    "dateReserved": "2022-10-14T00:00:00",
    "dateUpdated": "2024-08-03T13:19:05.494Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-40164
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-04 02:27
Severity ?
Summary
A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:27:31.502Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2022, 2021, 2020, 2019"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Heap-based Overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-07T00:00:00",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2021-40164",
    "datePublished": "2022-10-07T00:00:00",
    "dateReserved": "2021-08-27T00:00:00",
    "dateUpdated": "2024-08-04T02:27:31.502Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-25795
Vulnerability from cvelistv5
Published
2022-04-13 00:00
Modified
2024-08-03 04:49
Severity ?
Summary
A Memory Corruption Vulnerability in Autodesk TrueView 2022 and 2021 may lead to remote code execution through maliciously crafted DWG files.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:49:43.881Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010%3B"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Revit, Navisworks, Autodesk\u00ae Advance Steel, AutoCAD\u00ae, AutoCAD\u00ae Architecture, AutoCAD\u00ae Electrical, AutoCAD\u00ae Map 3D, AutoCAD\u00ae Mechanical, AutoCAD\u00ae MEP, AutoCAD\u00ae Plant 3D, AutoCAD\u00ae LT,  Autodesk\u00ae Civil 3D, AutoCAD\u00ae Mac, AutoCAD\u00ae LT for Mac",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "prior to 9.0.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Memory Corruption Vulnerability in Autodesk TrueView 2022 and 2021 may lead to remote code execution through maliciously crafted DWG files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bound Write",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-11T00:00:00",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
        },
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010%3B"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2022-25795",
    "datePublished": "2022-04-13T00:00:00",
    "dateReserved": "2022-02-22T00:00:00",
    "dateUpdated": "2024-08-03T04:49:43.881Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-27043
Vulnerability from cvelistv5
Published
2021-06-25 12:41
Modified
2024-08-03 20:40
Severity ?
Summary
An Arbitrary Address Write issue in the Autodesk DWG application can allow a malicious user to leverage the application to write in unexpected paths. In order to exploit this the attacker would need the victim to enable full page heap in the application.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:40:47.163Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2022.1.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An Arbitrary Address Write issue in the Autodesk DWG application can allow a malicious user to leverage the application to write in unexpected paths. In order to exploit this the attacker would need the victim to enable full page heap in the application."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Write-what-where Condition Vulnerabiliity",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-13T17:06:07",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@autodesk.com",
          "ID": "CVE-2021-27043",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2022.1.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Arbitrary Address Write issue in the Autodesk DWG application can allow a malicious user to leverage the application to write in unexpected paths. In order to exploit this the attacker would need the victim to enable full page heap in the application."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Write-what-where Condition Vulnerabiliity"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007",
              "refsource": "MISC",
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2021-27043",
    "datePublished": "2021-06-25T12:41:26",
    "dateReserved": "2021-02-09T00:00:00",
    "dateUpdated": "2024-08-03T20:40:47.163Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-27869
Vulnerability from cvelistv5
Published
2022-06-21 14:23
Modified
2024-08-03 05:41
Severity ?
Summary
A maliciously crafted TIFF file in Autodesk AutoCAD 2023 can be forced to read and write beyond allocated boundaries when parsing the TIFF file. This vulnerability can be exploited to execute arbitrary code.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:41:10.319Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2023"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A maliciously crafted TIFF file in Autodesk AutoCAD 2023 can be forced to read and write beyond allocated boundaries when parsing the TIFF file. This vulnerability can be exploited to execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bound Read Vulnerability ",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-21T14:23:32",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@autodesk.com",
          "ID": "CVE-2022-27869",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2023"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A maliciously crafted TIFF file in Autodesk AutoCAD 2023 can be forced to read and write beyond allocated boundaries when parsing the TIFF file. This vulnerability can be exploited to execute arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Out-of-bound Read Vulnerability "
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004",
              "refsource": "MISC",
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2022-27869",
    "datePublished": "2022-06-21T14:23:32",
    "dateReserved": "2022-03-25T00:00:00",
    "dateUpdated": "2024-08-03T05:41:10.319Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-25004
Vulnerability from cvelistv5
Published
2023-06-27 00:00
Modified
2024-12-05 14:40
Severity ?
Summary
A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities. Exploitation of these vulnerabilities may lead to code execution.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:11:43.391Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-25004",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-05T14:39:57.188378Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-05T14:40:18.983Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk products",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2023, 2022, 2021, 2020"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities. Exploitation of these vulnerabilities may lead to code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Integer Overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-27T00:00:00",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2023-25004",
    "datePublished": "2023-06-27T00:00:00",
    "dateReserved": "2023-02-01T00:00:00",
    "dateUpdated": "2024-12-05T14:40:18.983Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-42941
Vulnerability from cvelistv5
Published
2022-10-21 00:00
Modified
2024-08-03 13:19
Severity ?
Summary
A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:19:05.516Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk Design Review",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2018,\u00a02017,\u00a02013, 2012, 2011"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory corruption vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-21T00:00:00",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2022-42941",
    "datePublished": "2022-10-21T00:00:00",
    "dateReserved": "2022-10-14T00:00:00",
    "dateUpdated": "2024-08-03T13:19:05.516Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-29075
Vulnerability from cvelistv5
Published
2023-11-23 03:39
Modified
2024-10-15 17:46
Severity ?
Summary
A maliciously crafted PRT file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause an Out-Of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:00:15.331Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-29075",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-15T17:36:14.228108Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-15T17:46:11.626Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "AutoCAD, Advance Steel and Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2024, 2023"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted PRT file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause an Out-Of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted PRT file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause an Out-Of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\n"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-23T03:39:44.267Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2023-29075",
    "datePublished": "2023-11-23T03:39:44.267Z",
    "dateReserved": "2023-03-30T21:27:50.092Z",
    "dateUpdated": "2024-10-15T17:46:11.626Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-3665
Vulnerability from cvelistv5
Published
2013-07-18 14:00
Modified
2024-09-17 04:23
Severity ?
Summary
Unspecified vulnerability in Autodesk AutoCAD through 2014, AutoCAD LT through 2014, and DWG TrueView through 2014 allows remote attackers to execute arbitrary code via a crafted DWG file.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:14:56.593Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://usa.autodesk.com/adsk/servlet/ps/dl/item?id=21972896\u0026linkID=9240618\u0026siteID=123112"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://images.autodesk.com/adsk/files/Autodesk_AutoCAD_Code_Execution_Vulnerability_Hotfix_Readme.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Autodesk AutoCAD through 2014, AutoCAD LT through 2014, and DWG TrueView through 2014 allows remote attackers to execute arbitrary code via a crafted DWG file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-07-18T14:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://usa.autodesk.com/adsk/servlet/ps/dl/item?id=21972896\u0026linkID=9240618\u0026siteID=123112"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://images.autodesk.com/adsk/files/Autodesk_AutoCAD_Code_Execution_Vulnerability_Hotfix_Readme.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-3665",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Autodesk AutoCAD through 2014, AutoCAD LT through 2014, and DWG TrueView through 2014 allows remote attackers to execute arbitrary code via a crafted DWG file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://usa.autodesk.com/adsk/servlet/ps/dl/item?id=21972896\u0026linkID=9240618\u0026siteID=123112",
              "refsource": "CONFIRM",
              "url": "http://usa.autodesk.com/adsk/servlet/ps/dl/item?id=21972896\u0026linkID=9240618\u0026siteID=123112"
            },
            {
              "name": "http://images.autodesk.com/adsk/files/Autodesk_AutoCAD_Code_Execution_Vulnerability_Hotfix_Readme.pdf",
              "refsource": "CONFIRM",
              "url": "http://images.autodesk.com/adsk/files/Autodesk_AutoCAD_Code_Execution_Vulnerability_Hotfix_Readme.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-3665",
    "datePublished": "2013-07-18T14:00:00Z",
    "dateReserved": "2013-05-24T00:00:00Z",
    "dateUpdated": "2024-09-17T04:23:51.677Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-42935
Vulnerability from cvelistv5
Published
2022-10-21 00:00
Modified
2024-08-03 13:19
Severity ?
Summary
A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:19:05.503Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk Design Review",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2018,\u00a02017,\u00a02013, 2012, 2011"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory corruption Read",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-21T00:00:00",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2022-42935",
    "datePublished": "2022-10-21T00:00:00",
    "dateReserved": "2022-10-14T00:00:00",
    "dateUpdated": "2024-08-03T13:19:05.503Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-7364
Vulnerability from cvelistv5
Published
2019-08-23 19:36
Modified
2024-08-04 20:46
Severity ?
Summary
DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D and version 2017 of AutoCAD P&ID. An attacker may trick a user into opening a malicious DWG file that may leverage a DLL preloading vulnerability in AutoCAD which may result in code execution.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:46:46.182Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0002"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D, AutoCAD P\u0026ID",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2017, 2018, 2019, 2020"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D and version 2017 of AutoCAD P\u0026ID. An attacker may trick a user into opening a malicious DWG file that may leverage a DLL preloading vulnerability in AutoCAD which may result in code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "DLL preloading vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-23T19:36:17",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0002"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@autodesk.com",
          "ID": "CVE-2019-7364",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D, AutoCAD P\u0026ID",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2017, 2018, 2019, 2020"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D and version 2017 of AutoCAD P\u0026ID. An attacker may trick a user into opening a malicious DWG file that may leverage a DLL preloading vulnerability in AutoCAD which may result in code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "DLL preloading vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0002",
              "refsource": "CONFIRM",
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0002"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2019-7364",
    "datePublished": "2019-08-23T19:36:17",
    "dateReserved": "2019-02-04T00:00:00",
    "dateUpdated": "2024-08-04T20:46:46.182Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-40161
Vulnerability from cvelistv5
Published
2021-12-23 18:31
Modified
2024-08-04 02:27
Severity ?
Summary
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:27:31.589Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Revit, Navisworks, Autodesk\u00ae Advance Steel, AutoCAD\u00ae, AutoCAD\u00ae Architecture, AutoCAD\u00ae Electrical, AutoCAD\u00ae Map 3D, AutoCAD\u00ae Mechanical, AutoCAD\u00ae MEP, AutoCAD\u00ae Plant 3D, AutoCAD\u00ae LT,  Autodesk\u00ae Civil 3D, AutoCAD\u00ae Mac, AutoCAD\u00ae LT for Mac",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "prior to 9.0.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory Corruption Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-18T16:20:49",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@autodesk.com",
          "ID": "CVE-2021-40161",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Revit, Navisworks, Autodesk\u00ae Advance Steel, AutoCAD\u00ae, AutoCAD\u00ae Architecture, AutoCAD\u00ae Electrical, AutoCAD\u00ae Map 3D, AutoCAD\u00ae Mechanical, AutoCAD\u00ae MEP, AutoCAD\u00ae Plant 3D, AutoCAD\u00ae LT,  Autodesk\u00ae Civil 3D, AutoCAD\u00ae Mac, AutoCAD\u00ae LT for Mac",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to 9.0.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Memory Corruption Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010",
              "refsource": "MISC",
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2021-40161",
    "datePublished": "2021-12-23T18:31:43",
    "dateReserved": "2021-08-27T00:00:00",
    "dateUpdated": "2024-08-04T02:27:31.589Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-8593
Vulnerability from cvelistv5
Published
2024-10-29 21:08
Modified
2024-10-30 15:03
Summary
A maliciously crafted CATPART file when parsed in ASMKERN230A.dll through Autodesk AutoCAD can force a Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8593",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:48.544566Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:03:06.010Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted CATPART file when parsed in ASMKERN230A.dll through Autodesk AutoCAD can force a Out-of-Bounds Write vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.\u0026nbsp;"
            }
          ],
          "value": "A maliciously crafted CATPART file when parsed in ASMKERN230A.dll through Autodesk AutoCAD can force a Out-of-Bounds Write vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-29T21:08:53.971Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD CATPART File Parsing Out-Of-Bounds Write Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-8593",
    "datePublished": "2024-10-29T21:08:53.971Z",
    "dateReserved": "2024-09-09T04:41:53.966Z",
    "dateUpdated": "2024-10-30T15:03:06.010Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-25790
Vulnerability from cvelistv5
Published
2022-04-11 19:37
Modified
2024-08-03 04:49
Severity ?
Summary
A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated boundaries when parsing the DWF files. Exploitation of this vulnerability may lead to code execution.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:49:43.515Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk Navisworks, Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2022.1, 2022.1.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated boundaries when parsing the DWF files. Exploitation of this vulnerability may lead to code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bounds Write",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-11T19:37:51",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@autodesk.com",
          "ID": "CVE-2022-25790",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Autodesk Navisworks, Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2022.1, 2022.1.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated boundaries when parsing the DWF files. Exploitation of this vulnerability may lead to code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Out-of-bounds Write"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005",
              "refsource": "MISC",
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2022-25790",
    "datePublished": "2022-04-11T19:37:51",
    "dateReserved": "2022-02-22T00:00:00",
    "dateUpdated": "2024-08-03T04:49:43.515Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-40160
Vulnerability from cvelistv5
Published
2021-12-23 18:31
Modified
2024-08-04 02:27
Severity ?
Summary
PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:27:31.871Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Revit, Navisworks, Autodesk\u00ae Advance Steel, AutoCAD\u00ae, AutoCAD\u00ae Architecture, AutoCAD\u00ae Electrical, AutoCAD\u00ae Map 3D, AutoCAD\u00ae Mechanical, AutoCAD\u00ae MEP, AutoCAD\u00ae Plant 3D, AutoCAD\u00ae LT,  Autodesk\u00ae Civil 3D, AutoCAD\u00ae Mac, AutoCAD\u00ae LT for Mac",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "prior to 9.0.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bound Read Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-18T16:20:48",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@autodesk.com",
          "ID": "CVE-2021-40160",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Revit, Navisworks, Autodesk\u00ae Advance Steel, AutoCAD\u00ae, AutoCAD\u00ae Architecture, AutoCAD\u00ae Electrical, AutoCAD\u00ae Map 3D, AutoCAD\u00ae Mechanical, AutoCAD\u00ae MEP, AutoCAD\u00ae Plant 3D, AutoCAD\u00ae LT,  Autodesk\u00ae Civil 3D, AutoCAD\u00ae Mac, AutoCAD\u00ae LT for Mac",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to 9.0.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Out-of-bound Read Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010",
              "refsource": "MISC",
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0010"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2021-40160",
    "datePublished": "2021-12-23T18:31:31",
    "dateReserved": "2021-08-27T00:00:00",
    "dateUpdated": "2024-08-04T02:27:31.871Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-29073
Vulnerability from cvelistv5
Published
2023-11-23 03:07
Modified
2024-08-02 14:00
Severity ?
Summary
A maliciously crafted MODEL file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:00:15.309Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "AutoCAD, Advance Steel and Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2024, 2023"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted MODEL file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted MODEL file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\n"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-23T03:07:13.478Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2023-29073",
    "datePublished": "2023-11-23T03:07:13.478Z",
    "dateReserved": "2023-03-30T21:27:50.091Z",
    "dateUpdated": "2024-08-02T14:00:15.309Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-9827
Vulnerability from cvelistv5
Published
2024-10-29 21:14
Modified
2024-10-30 15:01
Summary
A maliciously crafted CATPART file when parsed in CC5Dll.dll through Autodesk AutoCAD can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9827",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:36.054365Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:01:41.929Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted CATPART file when parsed in CC5Dll.dll through Autodesk AutoCAD can force an Out-of-Bounds Read vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
            }
          ],
          "value": "A maliciously crafted CATPART file when parsed in CC5Dll.dll through Autodesk AutoCAD can force an Out-of-Bounds Read vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-29T21:14:55.716Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD ACTranslators CATPART File Parsing Out-Of-Bounds Read Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-9827",
    "datePublished": "2024-10-29T21:14:55.716Z",
    "dateReserved": "2024-10-10T19:01:38.304Z",
    "dateUpdated": "2024-10-30T15:01:41.929Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-8597
Vulnerability from cvelistv5
Published
2024-10-29 21:12
Modified
2024-10-30 15:02
Summary
A maliciously crafted STP file when parsed in ASMDATAX230A.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8597",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:43.008403Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:02:24.584Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted STP file when parsed in ASMDATAX230A.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
            }
          ],
          "value": "A maliciously crafted STP file when parsed in ASMDATAX230A.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-29T21:12:24.663Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD STEP File Parsing Memory Corruption Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-8597",
    "datePublished": "2024-10-29T21:12:24.663Z",
    "dateReserved": "2024-09-09T04:59:35.505Z",
    "dateUpdated": "2024-10-30T15:02:24.584Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-27871
Vulnerability from cvelistv5
Published
2022-06-21 14:23
Modified
2024-08-03 05:41
Severity ?
Summary
Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. This vulnerability may be exploited to execute arbitrary code.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:41:10.620Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0011"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk AutoCAD product suite, Revit, Design Review and Navisworks",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2022, 2021, 2020,2019"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. This vulnerability may be exploited to execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Heap-based Buffer Overflow vul",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-21T14:23:33",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0011"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@autodesk.com",
          "ID": "CVE-2022-27871",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Autodesk AutoCAD product suite, Revit, Design Review and Navisworks",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2022, 2021, 2020,2019"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. This vulnerability may be exploited to execute arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Heap-based Buffer Overflow vul"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0011",
              "refsource": "MISC",
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0011"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2022-27871",
    "datePublished": "2022-06-21T14:23:33",
    "dateReserved": "2022-03-25T00:00:00",
    "dateUpdated": "2024-08-03T05:41:10.620Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-7992
Vulnerability from cvelistv5
Published
2024-10-29 21:50
Modified
2024-11-15 21:35
Summary
A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, can force a Stack-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Impacted products
Vendor Product Version
Autodesk AutoCAD LT Version: 2025
Autodesk AutoCAD Architecture Version: 2025
Autodesk AutoCAD Electrical Version: 2025
Autodesk AutoCAD Mechanical Version: 2025
Autodesk AutoCAD MEP Version: 2025
Autodesk AutoCAD Plant 3D Version: 2025
AutoCAD Civil 3D Version: 2025
Autodesk Advance Steel Version: 2025
Autodesk DWG TrueView Version: 2025
Autodesk Infrastructure Parts Editor Version: 2025
Autodesk Inventor Version: 2025
Autodesk Navisworks Manage Version: 2025
Autodesk Navisworks Simulate Version: 2025
Autodesk Revit Version: 2025
Autodesk Vault Basic Client Version: 2025
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7992",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:27.431632Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:00:32.444Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD LT",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "AutoCAD",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DWG TrueView",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Infrastructure Parts Editor",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Inventor",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Navisworks Manage",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Navisworks Simulate",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Revit",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Vault Basic Client",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWG file, when parsed\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ethrough Autodesk AutoCAD and certain AutoCAD-based products, can force a Stack-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, can force a Stack-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-15T21:35:26.842Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0021"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD DWG Stack-Based Buffer Overflow Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-7992",
    "datePublished": "2024-10-29T21:50:13.232Z",
    "dateReserved": "2024-08-19T21:37:08.684Z",
    "dateUpdated": "2024-11-15T21:35:26.842Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-8595
Vulnerability from cvelistv5
Published
2024-10-29 21:10
Modified
2024-10-30 15:02
Summary
A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8595",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:46.090065Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:02:46.129Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
            }
          ],
          "value": "A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-29T21:10:46.829Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD MODEL File Parsing Use-After-Free Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-8595",
    "datePublished": "2024-10-29T21:10:46.829Z",
    "dateReserved": "2024-09-09T04:51:46.055Z",
    "dateUpdated": "2024-10-30T15:02:46.129Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-7991
Vulnerability from cvelistv5
Published
2024-10-29 21:49
Modified
2024-11-15 21:41
Summary
A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Impacted products
Vendor Product Version
Autodesk AutoCAD LT Version: 2025
Autodesk AutoCAD Architecture Version: 2025
Autodesk AutoCAD Electrical Version: 2025
Autodesk AutoCAD Mechanical Version: 2025
Autodesk AutoCAD MEP Version: 2025
Autodesk AutoCAD Plant 3D Version: 2025
AutoCAD Civil 3D Version: 2025
Autodesk Advance Steel Version: 2025
Autodesk DWG TrueView Version: 2025
Autodesk Infrastructure Parts Editor Version: 2025
Autodesk Inventor Version: 2025
Autodesk Navisworks Manage Version: 2025
Autodesk Navisworks Simulate Version: 2025
Autodesk Revit Version: 2025
Autodesk Vault Basic Client Version: 2025
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7991",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:28.629296Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:00:49.205Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD LT",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "AutoCAD",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DWG TrueView",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Infrastructure Parts Editor",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Inventor",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Navisworks Manage",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Navisworks Simulate",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Revit",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Vault Basic Client",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDW\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eG\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e f\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eile,\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ewhen parsed\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ethrough Autodesk \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAutoCAD\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e and certain AutoCAD-based products,\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e can force an Out-of-Bound\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003es\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e Write. A malicious actor can \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003el\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eeverage\u003c/span\u003e \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ethis vulnerability to cause a crash, \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eread\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e sensitive data, or execute arbitrary code in the context of the current process. \u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-15T21:41:39.238Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0021"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD DWG Out-of-Bounds Write Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-7991",
    "datePublished": "2024-10-29T21:49:02.128Z",
    "dateReserved": "2024-08-19T21:37:04.701Z",
    "dateUpdated": "2024-11-15T21:41:39.238Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-27529
Vulnerability from cvelistv5
Published
2022-04-18 16:20
Modified
2024-08-03 05:32
Severity ?
Summary
A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 may be used to write beyond the allocated buffer while parsing PICT, BMP, PSD or TIF file. This vulnerability may be exploited to execute arbitrary code.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:32:58.676Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2022, 2021, 2020, 2019"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 may be used to write beyond the allocated buffer while parsing PICT, BMP, PSD or TIF file. This vulnerability may be exploited to execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bounds Write",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-18T16:20:27",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@autodesk.com",
          "ID": "CVE-2022-27529",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2022, 2021, 2020, 2019"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 may be used to write beyond the allocated buffer while parsing PICT, BMP, PSD or TIF file. This vulnerability may be exploited to execute arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Out-of-bounds Write"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004",
              "refsource": "MISC",
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2022-27529",
    "datePublished": "2022-04-18T16:20:27",
    "dateReserved": "2022-03-21T00:00:00",
    "dateUpdated": "2024-08-03T05:32:58.676Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-42938
Vulnerability from cvelistv5
Published
2022-10-21 00:00
Modified
2024-08-03 13:19
Severity ?
Summary
A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:19:05.532Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk Design Review",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2018,\u00a02017,\u00a02013, 2012, 2011"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory corruption vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-21T00:00:00",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2022-42938",
    "datePublished": "2022-10-21T00:00:00",
    "dateReserved": "2022-10-14T00:00:00",
    "dateUpdated": "2024-08-03T13:19:05.532Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-33884
Vulnerability from cvelistv5
Published
2022-10-03 14:24
Modified
2024-08-03 08:09
Severity ?
Summary
Parsing a maliciously crafted X_B file can force Autodesk AutoCAD 2023 and 2022 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T08:09:22.855Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "utodesk\u00ae AutoCAD\u00ae, Advance Steel and Civil 3D\u00ae",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2023, 2022"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Parsing a maliciously crafted X_B file can force Autodesk AutoCAD 2023 and 2022 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bound Read ",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-03T14:24:47",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@autodesk.com",
          "ID": "CVE-2022-33884",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "utodesk\u00ae AutoCAD\u00ae, Advance Steel and Civil 3D\u00ae",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2023, 2022"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Parsing a maliciously crafted X_B file can force Autodesk AutoCAD 2023 and 2022 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Out-of-bound Read "
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020",
              "refsource": "MISC",
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2022-33884",
    "datePublished": "2022-10-03T14:24:47",
    "dateReserved": "2022-06-16T00:00:00",
    "dateUpdated": "2024-08-03T08:09:22.855Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-27868
Vulnerability from cvelistv5
Published
2022-06-21 14:23
Modified
2024-08-03 05:41
Severity ?
Summary
A maliciously crafted CAT file in Autodesk AutoCAD 2023 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:41:10.982Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2023"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A maliciously crafted CAT file in Autodesk AutoCAD 2023 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use-after-free vulnerability ",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-21T14:23:35",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@autodesk.com",
          "ID": "CVE-2022-27868",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2023"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A maliciously crafted CAT file in Autodesk AutoCAD 2023 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Use-after-free vulnerability "
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005",
              "refsource": "MISC",
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2022-27868",
    "datePublished": "2022-06-21T14:23:35",
    "dateReserved": "2022-03-25T00:00:00",
    "dateUpdated": "2024-08-03T05:41:10.982Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-8594
Vulnerability from cvelistv5
Published
2024-10-29 21:09
Modified
2024-10-30 15:02
Summary
A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8594",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:47.322086Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:02:55.732Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-29T21:09:53.149Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD MODEL File Parsing Heap-based Buffer Overflow Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-8594",
    "datePublished": "2024-10-29T21:09:53.149Z",
    "dateReserved": "2024-09-09T04:47:17.676Z",
    "dateUpdated": "2024-10-30T15:02:55.732Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2005-4710
Vulnerability from cvelistv5
Published
2006-02-10 11:00
Modified
2024-08-07 23:53
Severity ?
Summary
Unspecified vulnerability in multiple Autodesk and AutoCAD products and product families from 2006 and earlier allows remote attackers to "gain inappropriate access to another local user's computer," aka ID DL5549329.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:53:28.986Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112\u0026id=5549329\u0026linkID=4183232"
          },
          {
            "name": "18682",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18682"
          },
          {
            "name": "autodesk-gain-privileges(24460)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24460"
          },
          {
            "name": "16472",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/16472"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-10-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in multiple Autodesk and AutoCAD products and product families from 2006 and earlier allows remote attackers to \"gain inappropriate access to another local user\u0027s computer,\" aka ID DL5549329."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112\u0026id=5549329\u0026linkID=4183232"
        },
        {
          "name": "18682",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18682"
        },
        {
          "name": "autodesk-gain-privileges(24460)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24460"
        },
        {
          "name": "16472",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/16472"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-4710",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in multiple Autodesk and AutoCAD products and product families from 2006 and earlier allows remote attackers to \"gain inappropriate access to another local user\u0027s computer,\" aka ID DL5549329."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112\u0026id=5549329\u0026linkID=4183232",
              "refsource": "CONFIRM",
              "url": "http://usa.autodesk.com/adsk/servlet/ps/dl/item?siteID=123112\u0026id=5549329\u0026linkID=4183232"
            },
            {
              "name": "18682",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18682"
            },
            {
              "name": "autodesk-gain-privileges(24460)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24460"
            },
            {
              "name": "16472",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/16472"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-4710",
    "datePublished": "2006-02-10T11:00:00",
    "dateReserved": "2006-02-10T00:00:00",
    "dateUpdated": "2024-08-07T23:53:28.986Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-9996
Vulnerability from cvelistv5
Published
2024-10-29 21:45
Modified
2024-11-15 21:39
Summary
A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
Impacted products
Vendor Product Version
Autodesk AutoCAD LT Version: 2025
Autodesk AutoCAD Architecture Version: 2025
Autodesk AutoCAD Electrical Version: 2025
Autodesk AutoCAD Mechanical Version: 2025
Autodesk AutoCAD MEP Version: 2025
Autodesk AutoCAD Plant 3D Version: 2025
AutoCAD Civil 3D Version: 2025
Autodesk Advance Steel Version: 2025
Autodesk DWG TrueView Version: 2025
Autodesk Infrastructure Parts Editor Version: 2025
Autodesk Inventor Version: 2025
Autodesk Navisworks Manage Version: 2025
Autodesk Navisworks Simulate Version: 2025
Autodesk Revit Version: 2025
Autodesk Vault Basic Client Version: 2025
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9996",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:30.961199Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:01:08.447Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD LT",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "AutoCAD",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DWG TrueView",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Infrastructure Parts Editor",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Inventor",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Navisworks Manage",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Navisworks Simulate",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Revit",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Vault Basic Client",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force an Out-of-Bounds Write vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
            }
          ],
          "value": "A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force an Out-of-Bounds Write vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-15T21:39:50.983Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0021"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD DWG File Parsing Out-Of-Bounds Write Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-9996",
    "datePublished": "2024-10-29T21:45:17.527Z",
    "dateReserved": "2024-10-15T13:39:36.931Z",
    "dateUpdated": "2024-11-15T21:39:50.983Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-5241
Vulnerability from cvelistv5
Published
2012-09-07 10:00
Modified
2024-09-16 20:27
Severity ?
Summary
Multiple untrusted search path vulnerabilities in Autodesk AutoCAD 2010 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) IBFS32.DLL file in the current working directory, as demonstrated by a directory that contains a .dwg file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
http://secunia.com/advisories/41156third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:17:09.981Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "41156",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41156"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple untrusted search path vulnerabilities in Autodesk AutoCAD 2010 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) IBFS32.DLL file in the current working directory, as demonstrated by a directory that contains a .dwg file.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-09-07T10:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "41156",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41156"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-5241",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple untrusted search path vulnerabilities in Autodesk AutoCAD 2010 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) IBFS32.DLL file in the current working directory, as demonstrated by a directory that contains a .dwg file.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "41156",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41156"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-5241",
    "datePublished": "2012-09-07T10:00:00Z",
    "dateReserved": "2012-09-07T00:00:00Z",
    "dateUpdated": "2024-09-16T20:27:25.545Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-33887
Vulnerability from cvelistv5
Published
2022-10-03 14:24
Modified
2024-08-03 08:09
Severity ?
Summary
A maliciously crafted PDF file when parsed through Autodesk AutoCAD 2023 causes an unhandled exception. An attacker can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T08:09:22.660Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "utodesk\u00ae AutoCAD\u00ae, Advance Steel and Civil 3D\u00ae",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2023, 2022"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A maliciously crafted PDF file when parsed through Autodesk AutoCAD 2023 causes an unhandled exception. An attacker can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Heap based Buffer Overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-03T14:24:56",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@autodesk.com",
          "ID": "CVE-2022-33887",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "utodesk\u00ae AutoCAD\u00ae, Advance Steel and Civil 3D\u00ae",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2023, 2022"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A maliciously crafted PDF file when parsed through Autodesk AutoCAD 2023 causes an unhandled exception. An attacker can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Heap based Buffer Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020",
              "refsource": "MISC",
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2022-33887",
    "datePublished": "2022-10-03T14:24:56",
    "dateReserved": "2022-06-16T00:00:00",
    "dateUpdated": "2024-08-03T08:09:22.660Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-9826
Vulnerability from cvelistv5
Published
2024-10-29 21:14
Modified
2024-10-30 15:01
Summary
A maliciously crafted 3DM file when parsed in atf_api.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9826",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:37.301745Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:01:50.007Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted 3DM file when parsed in atf_api.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
            }
          ],
          "value": "A maliciously crafted 3DM file when parsed in atf_api.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-29T21:14:31.382Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD ACTranslators 3DM File Parsing Use-After-Free Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-9826",
    "datePublished": "2024-10-29T21:14:31.382Z",
    "dateReserved": "2024-10-10T18:38:23.523Z",
    "dateUpdated": "2024-10-30T15:01:50.007Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-8591
Vulnerability from cvelistv5
Published
2024-10-29 21:08
Modified
2024-10-30 15:03
Summary
A maliciously crafted 3DM file when parsed in AcTranslators.exe through Autodesk AutoCAD can force a Heap-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8591",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:49.844455Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:03:18.188Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted 3DM file when parsed in AcTranslators.exe through Autodesk AutoCAD can force a Heap-Based Buffer Overflow vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
            }
          ],
          "value": "A maliciously crafted 3DM file when parsed in AcTranslators.exe through Autodesk AutoCAD can force a Heap-Based Buffer Overflow vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-29T21:08:22.860Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD 3DM File Parsing Heap-based Buffer Overflow Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-8591",
    "datePublished": "2024-10-29T21:08:22.860Z",
    "dateReserved": "2024-09-09T04:34:57.640Z",
    "dateUpdated": "2024-10-30T15:03:18.188Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-42943
Vulnerability from cvelistv5
Published
2022-10-21 00:00
Modified
2024-08-03 13:19
Severity ?
Summary
A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:19:05.515Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk Design Review",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2018,\u00a02017,\u00a02013, 2012, 2011"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory corruption vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-21T00:00:00",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2022-42943",
    "datePublished": "2022-10-21T00:00:00",
    "dateReserved": "2022-10-14T00:00:00",
    "dateUpdated": "2024-08-03T13:19:05.515Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-42944
Vulnerability from cvelistv5
Published
2022-10-21 00:00
Modified
2024-08-03 13:19
Severity ?
Summary
A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:19:05.485Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk Design Review",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2018,\u00a02017,\u00a02013, 2012, 2011"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A malicious crafted dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory corruption vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-21T00:00:00",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2022-42944",
    "datePublished": "2022-10-21T00:00:00",
    "dateReserved": "2022-10-14T00:00:00",
    "dateUpdated": "2024-08-03T13:19:05.485Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-29068
Vulnerability from cvelistv5
Published
2023-06-27 00:00
Modified
2024-12-05 14:41
Severity ?
Summary
A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities. These vulnerabilities in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:00:14.952Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-29068",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-05T14:41:27.413833Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-05T14:41:43.199Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk products",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2023, 2022, 2021, 2020"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities. These vulnerabilities in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "memory corruption vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-27T00:00:00",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2023-29068",
    "datePublished": "2023-06-27T00:00:00",
    "dateReserved": "2023-03-30T00:00:00",
    "dateUpdated": "2024-12-05T14:41:43.199Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-29067
Vulnerability from cvelistv5
Published
2023-04-14 00:00
Modified
2024-08-02 14:00
Severity ?
Summary
A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:00:14.999Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0005"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk AutoCAD",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2023"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A maliciously crafted X_B file when parsed through Autodesk\u00ae AutoCAD\u00ae 2023 could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory Corruption Write",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-14T00:00:00",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0005"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2023-29067",
    "datePublished": "2023-04-14T00:00:00",
    "dateReserved": "2023-03-30T00:00:00",
    "dateUpdated": "2024-08-02T14:00:14.999Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-8896
Vulnerability from cvelistv5
Published
2024-10-29 21:43
Modified
2024-11-15 21:37
Summary
A maliciously crafted DXF file when parsed in acdb25.dll through Autodesk AutoCAD can force to access a variable prior to initialization. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
Impacted products
Vendor Product Version
Autodesk AutoCAD LT Version: 2025
Autodesk AutoCAD Architecture Version: 2025
Autodesk AutoCAD Electrical Version: 2025
Autodesk AutoCAD Mechanical Version: 2025
Autodesk AutoCAD MEP Version: 2025
Autodesk AutoCAD Plant 3D Version: 2025
AutoCAD Civil 3D Version: 2025
Autodesk Advance Steel Version: 2025
Autodesk DWG TrueView Version: 2025
Autodesk Infrastructure Parts Editor Version: 2025
Autodesk Inventor Version: 2025
Autodesk Navisworks Manage Version: 2025
Autodesk Navisworks Simulate Version: 2025
Autodesk Revit Version: 2025
Autodesk Vault Basic Client Version: 2025
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8896",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:33.412413Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:01:25.860Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD LT",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "AutoCAD",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DWG TrueView",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Infrastructure Parts Editor",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Inventor",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Navisworks Manage",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Navisworks Simulate",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Revit",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Vault Basic Client",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted DXF file when parsed in acdb25.dll\u0026nbsp;through Autodesk AutoCAD can force to access a variable prior to initialization. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
            }
          ],
          "value": "A maliciously crafted DXF file when parsed in acdb25.dll\u00a0through Autodesk AutoCAD can force to access a variable prior to initialization. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-908",
              "description": "CWE-908 Use of Uninitialized Resource",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-15T21:37:12.563Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0021"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD DXF File Parsing Unitialized Variable Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-8896",
    "datePublished": "2024-10-29T21:43:11.437Z",
    "dateReserved": "2024-09-16T14:34:49.668Z",
    "dateUpdated": "2024-11-15T21:37:12.563Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-40163
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-04 02:27
Severity ?
Summary
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:27:31.853Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2022, 2021, 2020, 2019"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory Corruption ",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-07T00:00:00",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2021-40163",
    "datePublished": "2022-10-07T00:00:00",
    "dateReserved": "2021-08-27T00:00:00",
    "dateUpdated": "2024-08-04T02:27:31.853Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-33886
Vulnerability from cvelistv5
Published
2022-10-03 00:00
Modified
2024-08-03 08:09
Severity ?
Summary
A maliciously crafted MODEL and SLDPRT file can be used to write beyond the allocated buffer while parsing through Autodesk AutoCAD 2023, 2022, 2021, 2020, and Maya 2023 and 2022. The vulnerability exists because the application fails to handle crafted MODEL and SLDPRT files, which causes an unhandled exception. A malicious actor could leverage this vulnerability to execute arbitrary code.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T08:09:22.659Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk Maya",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2023, 2022"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A maliciously crafted MODEL and SLDPRT file can be used to write beyond the allocated buffer while parsing through Autodesk AutoCAD 2023, 2022, 2021, 2020, and Maya 2023 and 2022. The vulnerability exists because the application fails to handle crafted MODEL and SLDPRT files, which causes an unhandled exception. A malicious actor could leverage this vulnerability to execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bound Write",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-17T00:00:00",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2022-33886",
    "datePublished": "2022-10-03T00:00:00",
    "dateReserved": "2022-06-16T00:00:00",
    "dateUpdated": "2024-08-03T08:09:22.659Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-27913
Vulnerability from cvelistv5
Published
2023-04-14 00:00
Modified
2024-08-02 12:23
Severity ?
Summary
A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can be used to cause an Integer Overflow. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data, or execute arbitrary code in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:23:30.411Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0005"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk AutoCAD",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2023"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A maliciously crafted X_B file when parsed through Autodesk\u00ae AutoCAD\u00ae 2023 can be used to cause an Integer Overflow. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Integer Overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-14T00:00:00",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0005"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2023-27913",
    "datePublished": "2023-04-14T00:00:00",
    "dateReserved": "2023-03-07T00:00:00",
    "dateUpdated": "2024-08-02T12:23:30.411Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-27530
Vulnerability from cvelistv5
Published
2022-04-18 16:20
Modified
2024-08-03 05:32
Severity ?
Summary
A maliciously crafted TIF or PICT file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. This vulnerability may be exploited to execute arbitrary code.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:32:59.969Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2022, 2021, 2020, 2019"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A maliciously crafted TIF or PICT file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. This vulnerability may be exploited to execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Buffer Overflow Write",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-18T16:20:28",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@autodesk.com",
          "ID": "CVE-2022-27530",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2022, 2021, 2020, 2019"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A maliciously crafted TIF or PICT file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. This vulnerability may be exploited to execute arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Buffer Overflow Write"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004",
              "refsource": "MISC",
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2022-27530",
    "datePublished": "2022-04-18T16:20:28",
    "dateReserved": "2022-03-21T00:00:00",
    "dateUpdated": "2024-08-03T05:32:59.969Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-25003
Vulnerability from cvelistv5
Published
2023-06-23 00:00
Modified
2024-12-05 17:10
Severity ?
Summary
A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Exploitation of this vulnerability may lead to code execution.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:11:43.401Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-25003",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-05T17:09:59.558363Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-05T17:10:10.146Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": " AutoCAD, Maya ",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2023, 2022"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Exploitation of this vulnerability may lead to code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "out-of-bound read write / read",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-23T00:00:00",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0009"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2023-25003",
    "datePublished": "2023-06-23T00:00:00",
    "dateReserved": "2023-02-01T00:00:00",
    "dateUpdated": "2024-12-05T17:10:10.146Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-8588
Vulnerability from cvelistv5
Published
2024-10-29 21:06
Modified
2024-10-30 15:03
Summary
A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8588",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:54.487477Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:03:46.231Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Out-of-Bounds Read vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
            }
          ],
          "value": "A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Out-of-Bounds Read vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-29T21:06:17.695Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD SLDPRT File Parsing Out-Of-Bounds Read Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-8588",
    "datePublished": "2024-10-29T21:06:17.695Z",
    "dateReserved": "2024-09-09T04:11:56.456Z",
    "dateUpdated": "2024-10-30T15:03:46.231Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-40158
Vulnerability from cvelistv5
Published
2022-01-25 00:00
Modified
2024-08-04 02:27
Severity ?
Summary
A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 and AutoCAD 2022 may be forced to read beyond allocated boundaries when parsing the JT file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:27:31.854Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-287/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-283/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-288/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-286/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-284/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-285/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-281/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-449/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-441/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-453/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-444/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-447/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-448/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-452/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-445/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-466/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-451/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-454/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-443/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-450/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-455/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Inventor",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2022, 2021, 2020, 2019"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 and AutoCAD 2022 may be forced to read beyond allocated boundaries when parsing the JT file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bounds Read",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-07T00:00:00",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-287/"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-283/"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-288/"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-286/"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-284/"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-285/"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-281/"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-449/"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-441/"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-453/"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-444/"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-447/"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-448/"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-452/"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-445/"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-466/"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-451/"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-454/"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-443/"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-450/"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-455/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2021-40158",
    "datePublished": "2022-01-25T00:00:00",
    "dateReserved": "2021-08-27T00:00:00",
    "dateUpdated": "2024-08-04T02:27:31.854Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-8600
Vulnerability from cvelistv5
Published
2024-10-29 21:14
Modified
2024-10-30 15:01
Summary
A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8600",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:38.514092Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:01:58.383Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
            }
          ],
          "value": "A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-29T21:14:01.152Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-8600",
    "datePublished": "2024-10-29T21:14:01.152Z",
    "dateReserved": "2024-09-09T05:11:47.491Z",
    "dateUpdated": "2024-10-30T15:01:58.383Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-27915
Vulnerability from cvelistv5
Published
2023-04-14 00:00
Modified
2024-08-02 12:23
Severity ?
Summary
A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:23:30.296Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0005"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk AutoCAD",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2023"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A maliciously crafted X_B file when parsed through Autodesk\u00ae AutoCAD\u00ae 2023 could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory Corruption Read",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-14T00:00:00",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0005"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2023-27915",
    "datePublished": "2023-04-14T00:00:00",
    "dateReserved": "2023-03-07T00:00:00",
    "dateUpdated": "2024-08-02T12:23:30.296Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-27042
Vulnerability from cvelistv5
Published
2021-06-25 12:41
Modified
2024-08-03 20:40
Severity ?
Summary
A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. The vulnerability exists because the application fails to handle a crafted DWG file, which causes an unhandled exception. An attacker can leverage this vulnerability to execute arbitrary code.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:40:47.367Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2022.1.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. The vulnerability exists because the application fails to handle a crafted DWG file, which causes an unhandled exception. An attacker can leverage this vulnerability to execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory Corruption Vulnerability ",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-13T17:06:06",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@autodesk.com",
          "ID": "CVE-2021-27042",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2022.1.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. The vulnerability exists because the application fails to handle a crafted DWG file, which causes an unhandled exception. An attacker can leverage this vulnerability to execute arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Memory Corruption Vulnerability "
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007",
              "refsource": "MISC",
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2021-27042",
    "datePublished": "2021-06-25T12:41:19",
    "dateReserved": "2021-02-09T00:00:00",
    "dateUpdated": "2024-08-03T20:40:47.367Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-29076
Vulnerability from cvelistv5
Published
2023-11-23 03:45
Modified
2024-12-02 20:32
Severity ?
Summary
A maliciously crafted MODEL, SLDASM, SAT or CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 could cause memory corruption vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:00:15.859Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-29076",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-02T20:32:49.055057Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-02T20:32:57.620Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "AutoCAD, Advance Steel and Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2024, 2023"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted MODEL, SLDASM, SAT or CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 could cause memory corruption vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted MODEL, SLDASM, SAT or CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 could cause memory corruption vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.\n"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-23T03:45:53.401Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2023-29076",
    "datePublished": "2023-11-23T03:45:53.401Z",
    "dateReserved": "2023-03-30T21:27:50.092Z",
    "dateUpdated": "2024-12-02T20:32:57.620Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-25788
Vulnerability from cvelistv5
Published
2022-04-19 20:26
Modified
2024-08-03 04:49
Severity ?
Summary
A maliciously crafted JT file in Autodesk AutoCAD 2022 may be used to write beyond the allocated buffer while parsing JT files. This vulnerability can be exploited to execute arbitrary code.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:49:43.514Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2022.1.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A maliciously crafted JT file in Autodesk AutoCAD 2022 may be used to write beyond the allocated buffer while parsing JT files. This vulnerability can be exploited to execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bound Write",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T20:26:31",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@autodesk.com",
          "ID": "CVE-2022-25788",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2022.1.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A maliciously crafted JT file in Autodesk AutoCAD 2022 may be used to write beyond the allocated buffer while parsing JT files. This vulnerability can be exploited to execute arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Out-of-bound Write"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002",
              "refsource": "MISC",
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2022-25788",
    "datePublished": "2022-04-19T20:26:31",
    "dateReserved": "2022-02-22T00:00:00",
    "dateUpdated": "2024-08-03T04:49:43.514Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-40162
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-04 02:27
Severity ?
Summary
A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:27:31.539Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2022, 2021, 2020, 2019"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-Band Read",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-07T00:00:00",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2021-40162",
    "datePublished": "2022-10-07T00:00:00",
    "dateReserved": "2021-08-27T00:00:00",
    "dateUpdated": "2024-08-04T02:27:31.539Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-8592
Vulnerability from cvelistv5
Published
2024-10-29 21:39
Modified
2024-10-30 15:01
Summary
A maliciously crafted CATPART file when parsed in AcTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8592",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:34.701094Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:01:34.310Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2024.1.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted CATPART file when parsed in AcTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted CATPART file when parsed in AcTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-29T21:39:37.707Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0020"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD CATPART File Parsing Memory Corruption Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-8592",
    "datePublished": "2024-10-29T21:39:37.707Z",
    "dateReserved": "2024-09-09T04:38:44.793Z",
    "dateUpdated": "2024-10-30T15:01:34.310Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-8590
Vulnerability from cvelistv5
Published
2024-10-29 21:07
Modified
2024-10-30 15:03
Summary
A maliciously crafted 3DM file when parsed in atf_api.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8590",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:51.045399Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:03:28.300Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted 3DM file when parsed in atf_api.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
            }
          ],
          "value": "A maliciously crafted 3DM file when parsed in atf_api.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-29T21:07:47.121Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD 3DM File Parsing Use-After-Free Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-8590",
    "datePublished": "2024-10-29T21:07:47.121Z",
    "dateReserved": "2024-09-09T04:30:14.958Z",
    "dateUpdated": "2024-10-30T15:03:28.300Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-7358
Vulnerability from cvelistv5
Published
2019-04-09 19:22
Modified
2024-08-04 20:46
Severity ?
Summary
An exploitable heap overflow vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file may cause a heap overflow, resulting in code execution.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:46:46.191Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk AutoCAD LT",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        },
        {
          "product": "Autodesk Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        },
        {
          "product": "Autodesk Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        },
        {
          "product": "Autodesk AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        },
        {
          "product": "Autodesk AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        },
        {
          "product": "Autodesk AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        },
        {
          "product": "Autodesk AutoCAD Map 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        },
        {
          "product": "Autodesk AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        },
        {
          "product": "Autodesk AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        },
        {
          "product": "Autodesk AutoCAD P\u0026ID",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        },
        {
          "product": "Autodesk AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An exploitable heap overflow vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P\u0026ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file may cause a heap overflow, resulting in code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Heap Overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-09T19:22:39",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@autodesk.com",
          "ID": "CVE-2019-7358",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Autodesk AutoCAD LT",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Autodesk Civil 3D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Autodesk Advance Steel",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Autodesk AutoCAD",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Autodesk AutoCAD Architecture",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Autodesk AutoCAD Electrical",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Autodesk AutoCAD Map 3D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Autodesk AutoCAD Mechanical",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Autodesk AutoCAD MEP",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Autodesk AutoCAD P\u0026ID",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Autodesk AutoCAD Plant 3D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Autodesk"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An exploitable heap overflow vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P\u0026ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file may cause a heap overflow, resulting in code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Heap Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001",
              "refsource": "MISC",
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2019-7358",
    "datePublished": "2019-04-09T19:22:39",
    "dateReserved": "2019-02-04T00:00:00",
    "dateUpdated": "2024-08-04T20:46:46.191Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-33888
Vulnerability from cvelistv5
Published
2022-10-03 14:24
Modified
2024-08-03 08:09
Severity ?
Summary
A malicious crafted Dwg2Spd file when processed through Autodesk DWG application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T08:09:22.662Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "utodesk\u00ae AutoCAD\u00ae, Advance Steel and Civil 3D\u00ae",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2023, 2022"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A malicious crafted Dwg2Spd file when processed through Autodesk DWG application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory Corruption",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-03T14:24:59",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@autodesk.com",
          "ID": "CVE-2022-33888",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "utodesk\u00ae AutoCAD\u00ae, Advance Steel and Civil 3D\u00ae",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2023, 2022"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A malicious crafted Dwg2Spd file when processed through Autodesk DWG application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Memory Corruption"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020",
              "refsource": "MISC",
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0020"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2022-33888",
    "datePublished": "2022-10-03T14:24:59",
    "dateReserved": "2022-06-16T00:00:00",
    "dateUpdated": "2024-08-03T08:09:22.662Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-9489
Vulnerability from cvelistv5
Published
2024-10-29 21:44
Modified
2024-11-15 21:38
Summary
A maliciously crafted DWG file when parsed in ACAD.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
Impacted products
Vendor Product Version
Autodesk AutoCAD LT Version: 2025
Autodesk AutoCAD Architecture Version: 2025
Autodesk AutoCAD Electrical Version: 2025
Autodesk AutoCAD Mechanical Version: 2025
Autodesk AutoCAD MEP Version: 2025
Autodesk AutoCAD Plant 3D Version: 2025
AutoCAD Civil 3D Version: 2025
Autodesk Advance Steel Version: 2025
Autodesk DWG TrueView Version: 2025
Autodesk Infrastructure Parts Editor Version: 2025
Autodesk Inventor Version: 2025
Autodesk Navisworks Manage Version: 2025
Autodesk Navisworks Simulate Version: 2025
Autodesk Revit Version: 2025
Autodesk Vault Basic Client Version: 2025
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9489",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:32.196438Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:01:17.148Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD LT",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "AutoCAD",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DWG TrueView",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Infrastructure Parts Editor",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Inventor",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Navisworks Manage",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Navisworks Simulate",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Revit",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Vault Basic Client",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted DWG file when parsed in ACAD.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
            }
          ],
          "value": "A maliciously crafted DWG file when parsed in ACAD.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-15T21:38:35.308Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0021"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD DWG File Parsing Memory Corruption Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-9489",
    "datePublished": "2024-10-29T21:44:39.027Z",
    "dateReserved": "2024-10-03T18:19:18.769Z",
    "dateUpdated": "2024-11-15T21:38:35.308Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-7360
Vulnerability from cvelistv5
Published
2019-04-09 19:21
Modified
2024-08-04 20:46
Severity ?
Summary
An exploitable use-after-free vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file may trigger a use-after-free, resulting in code execution.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:46:46.198Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        },
        {
          "product": "Autodesk Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        },
        {
          "product": "Autodesk AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        },
        {
          "product": "Autodesk AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        },
        {
          "product": "Autodesk AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        },
        {
          "product": "Autodesk AutoCAD Map 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        },
        {
          "product": "Autodesk AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        },
        {
          "product": "Autodesk AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        },
        {
          "product": "Autodesk AutoCAD P\u0026ID",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        },
        {
          "product": "Autodesk AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        },
        {
          "product": "Autodesk AutoCAD LT",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2018"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An exploitable use-after-free vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P\u0026ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file may trigger a use-after-free, resulting in code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Heap Overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-13T16:32:48",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@autodesk.com",
          "ID": "CVE-2019-7360",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Autodesk Civil 3D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Autodesk Advance Steel",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Autodesk AutoCAD",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Autodesk AutoCAD Architecture",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Autodesk AutoCAD Electrical",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Autodesk AutoCAD Map 3D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Autodesk AutoCAD Mechanical",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Autodesk AutoCAD MEP",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Autodesk AutoCAD P\u0026ID",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Autodesk AutoCAD Plant 3D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Autodesk AutoCAD LT",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Autodesk"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An exploitable use-after-free vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P\u0026ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file may trigger a use-after-free, resulting in code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Heap Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001",
              "refsource": "MISC",
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0001"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2019-7360",
    "datePublished": "2019-04-09T19:21:46",
    "dateReserved": "2019-02-04T00:00:00",
    "dateUpdated": "2024-08-04T20:46:46.198Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-41140
Vulnerability from cvelistv5
Published
2023-11-23 03:56
Modified
2024-08-02 18:54
Severity ?
Summary
A maliciously crafted PRT file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:54:04.017Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "AutoCAD, Advance Steel and Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2024, 2023"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted PRT file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted PRT file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\n"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-23T03:56:11.372Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0018"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2023-41140",
    "datePublished": "2023-11-23T03:56:11.372Z",
    "dateReserved": "2023-08-23T17:55:48.800Z",
    "dateUpdated": "2024-08-02T18:54:04.017Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-33881
Vulnerability from cvelistv5
Published
2022-07-29 15:18
Modified
2024-08-03 08:09
Severity ?
Summary
Parsing a maliciously crafted PRT file can force Autodesk AutoCAD 2023 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T08:09:22.698Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0014"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2023"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Parsing a maliciously crafted PRT file can force Autodesk AutoCAD 2023 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bound Read vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-29T15:18:44",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0014"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@autodesk.com",
          "ID": "CVE-2022-33881",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2023"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Parsing a maliciously crafted PRT file can force Autodesk AutoCAD 2023 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Out-of-bound Read vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0014",
              "refsource": "MISC",
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0014"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2022-33881",
    "datePublished": "2022-07-29T15:18:44",
    "dateReserved": "2022-06-16T00:00:00",
    "dateUpdated": "2024-08-03T08:09:22.698Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-7305
Vulnerability from cvelistv5
Published
2024-08-19 23:28
Modified
2024-10-23 16:38
Summary
A maliciously crafted DWF file, when parsed in AdDwfPdk.dll through Autodesk AutoCAD, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Impacted products
Vendor Product Version
Autodesk AutoCAD Architecture Version: 2025
Version: 2024
Autodesk AutoCAD Electrical Version: 2025
Version: 2024
Autodesk AutoCAD Mechanical Version: 2025
Version: 2024
Autodesk AutoCAD MEP Version: 2025
Version: 2024
Autodesk AutoCAD Plant 3D Version: 2025
Version: 2024
Autodesk Civil 3D Version: 2025
Version: 2024
Autodesk Advance Steel Version: 2025
Version: 2024
Autodesk AutoCAD LT Version: 2025
Version: 2024
Autodesk DWG TrueView Version: 2025
Version: 2024
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_mep",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2025"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_plant_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2025"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2025"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_architecture",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2025"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_electrical",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2025"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_mechanical",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2025"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_civil_3d:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_civil_3d",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2025"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:autocad_lt:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autocad_lt",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2025"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:autodesk:dwg_trueview:2025:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "dwg_trueview",
            "vendor": "autodesk",
            "versions": [
              {
                "status": "affected",
                "version": "2025"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7305",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-21T15:12:19.030297Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-21T15:25:35.299Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            },
            {
              "status": "affected",
              "version": "2024"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            },
            {
              "status": "affected",
              "version": "2024"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            },
            {
              "status": "affected",
              "version": "2024"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            },
            {
              "status": "affected",
              "version": "2024"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            },
            {
              "status": "affected",
              "version": "2024"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            },
            {
              "status": "affected",
              "version": "2024"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Civil 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            },
            {
              "status": "affected",
              "version": "2024"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            },
            {
              "status": "affected",
              "version": "2024"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "AutoCAD LT",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            },
            {
              "status": "affected",
              "version": "2024"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "DWG TrueView",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            },
            {
              "status": "affected",
              "version": "2024"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA maliciously crafted DWF file, when parsed in AdDwfPdk.dll through Autodesk AutoCAD, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/p\u003e"
            }
          ],
          "value": "A maliciously crafted DWF file, when parsed in AdDwfPdk.dll through Autodesk AutoCAD, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-23T16:38:02.033Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0014"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "DWF Vulnerability in Autodesk Desktop Software",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-7305",
    "datePublished": "2024-08-19T23:28:23.356Z",
    "dateReserved": "2024-07-30T19:31:26.704Z",
    "dateUpdated": "2024-10-23T16:38:02.033Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-27039
Vulnerability from cvelistv5
Published
2021-07-09 14:18
Modified
2024-08-03 20:40
Severity ?
Summary
A maliciously crafted TIFF and PCX file can be forced to read and write beyond allocated boundaries when parsing the TIFF and PCX file for based overflow. This vulnerability can be exploited to execute arbitrary code.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:40:47.228Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk Design Review",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2018,\u00a02017,\u00a02013, 2012, 2011"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A maliciously crafted TIFF and PCX file can be forced to read and write beyond allocated boundaries when parsing the TIFF and PCX file for based overflow. This vulnerability can be exploited to execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Uninitialized Variable Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-18T16:20:51",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@autodesk.com",
          "ID": "CVE-2021-27039",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Autodesk Design Review",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2018,\u00a02017,\u00a02013, 2012, 2011"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A maliciously crafted TIFF and PCX file can be forced to read and write beyond allocated boundaries when parsing the TIFF and PCX file for based overflow. This vulnerability can be exploited to execute arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Uninitialized Variable Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004",
              "refsource": "MISC",
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2021-27039",
    "datePublished": "2021-07-09T14:18:21",
    "dateReserved": "2021-02-09T00:00:00",
    "dateUpdated": "2024-08-03T20:40:47.228Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-25792
Vulnerability from cvelistv5
Published
2022-04-11 19:37
Modified
2024-08-03 04:49
Severity ?
Summary
A maliciously crafted DXF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. This vulnerability can be exploited to execute arbitrary code.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:49:43.219Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2022.1.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A maliciously crafted DXF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. This vulnerability can be exploited to execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Buffer Overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-11T19:37:52",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@autodesk.com",
          "ID": "CVE-2022-25792",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2022.1.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A maliciously crafted DXF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. This vulnerability can be exploited to execute arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Buffer Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005",
              "refsource": "MISC",
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0005"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2022-25792",
    "datePublished": "2022-04-11T19:37:52",
    "dateReserved": "2022-02-22T00:00:00",
    "dateUpdated": "2024-08-03T04:49:43.219Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-8596
Vulnerability from cvelistv5
Published
2024-10-29 21:11
Modified
2024-10-30 15:02
Summary
A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force an Out-of-Bound Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8596",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:44.864873Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:02:35.307Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force an Out-of-Bound Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
            }
          ],
          "value": "A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force an Out-of-Bound Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-29T21:11:36.053Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD MODEL File Parsing Out-Of-Bounds Write Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-8596",
    "datePublished": "2024-10-29T21:11:36.053Z",
    "dateReserved": "2024-09-09T04:55:18.208Z",
    "dateUpdated": "2024-10-30T15:02:35.307Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-27867
Vulnerability from cvelistv5
Published
2022-06-21 14:23
Modified
2024-08-03 05:41
Severity ?
Summary
A maliciously crafted JT file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:41:10.191Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk Inventor, Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2022, 2021, 2020, 2019"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A maliciously crafted JT file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use-after-free vulnerability ",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-21T14:23:34",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@autodesk.com",
          "ID": "CVE-2022-27867",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Autodesk Inventor, Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2022, 2021, 2020, 2019"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A maliciously crafted JT file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Use-after-free vulnerability "
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002",
              "refsource": "MISC",
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0002"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2022-27867",
    "datePublished": "2022-06-21T14:23:34",
    "dateReserved": "2022-03-25T00:00:00",
    "dateUpdated": "2024-08-03T05:41:10.191Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-27870
Vulnerability from cvelistv5
Published
2022-06-21 14:23
Modified
2024-08-03 05:41
Severity ?
Summary
A maliciously crafted TGA file in Autodesk AutoCAD 2023 may be used to write beyond the allocated buffer while parsing TGA file. This vulnerability may be exploited to execute arbitrary code.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:41:10.383Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2023"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A maliciously crafted TGA file in Autodesk AutoCAD 2023 may be used to write beyond the allocated buffer while parsing TGA file. This vulnerability may be exploited to execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bound Write Vulnerability ",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-21T14:23:36",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@autodesk.com",
          "ID": "CVE-2022-27870",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2023"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A maliciously crafted TGA file in Autodesk AutoCAD 2023 may be used to write beyond the allocated buffer while parsing TGA file. This vulnerability may be exploited to execute arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Out-of-bound Write Vulnerability "
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004",
              "refsource": "MISC",
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2022-27870",
    "datePublished": "2022-06-21T14:23:36",
    "dateReserved": "2022-03-25T00:00:00",
    "dateUpdated": "2024-08-03T05:41:10.383Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-27041
Vulnerability from cvelistv5
Published
2021-06-25 12:41
Modified
2024-08-03 20:40
Severity ?
Summary
A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:40:47.113Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2022.1.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bound Write Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-13T17:06:06",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@autodesk.com",
          "ID": "CVE-2021-27041",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2022.1.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Out-of-bound Write Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007",
              "refsource": "MISC",
              "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2021-27041",
    "datePublished": "2021-06-25T12:41:13",
    "dateReserved": "2021-02-09T00:00:00",
    "dateUpdated": "2024-08-03T20:40:47.113Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-9997
Vulnerability from cvelistv5
Published
2024-10-29 21:45
Modified
2024-11-15 21:41
Summary
A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
Impacted products
Vendor Product Version
Autodesk AutoCAD LT Version: 2025
Autodesk AutoCAD Architecture Version: 2025
Autodesk AutoCAD Electrical Version: 2025
Autodesk AutoCAD Mechanical Version: 2025
Autodesk AutoCAD MEP Version: 2025
Autodesk AutoCAD Plant 3D Version: 2025
AutoCAD Civil 3D Version: 2025
Autodesk Advance Steel Version: 2025
Autodesk DWG TrueView Version: 2025
Autodesk Infrastructure Parts Editor Version: 2025
Autodesk Inventor Version: 2025
Autodesk Navisworks Manage Version: 2025
Autodesk Navisworks Simulate Version: 2025
Autodesk Revit Version: 2025
Autodesk Vault Basic Client Version: 2025
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-9997",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T13:51:29.745174Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T15:00:57.856Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD LT",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Architecture",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Electrical",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Mechanical",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD MEP",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "AutoCAD Plant 3D",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Civil 3D",
          "vendor": "AutoCAD",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Advance Steel",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DWG TrueView",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Infrastructure Parts Editor",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Inventor",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Navisworks Manage",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Navisworks Simulate",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Revit",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Vault Basic Client",
          "vendor": "Autodesk",
          "versions": [
            {
              "status": "affected",
              "version": "2025"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
            }
          ],
          "value": "A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability.  A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-15T21:41:09.391Z",
        "orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
        "shortName": "autodesk"
      },
      "references": [
        {
          "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0021"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Autodesk AutoCAD DWG File Parsing Memory Corruption Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
    "assignerShortName": "autodesk",
    "cveId": "CVE-2024-9997",
    "datePublished": "2024-10-29T21:45:59.005Z",
    "dateReserved": "2024-10-15T13:39:39.800Z",
    "dateUpdated": "2024-11-15T21:41:09.391Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

var-202106-1815
Vulnerability from variot

A maliciously crafted DWG file can be forced to read beyond allocated boundaries when parsing the DWG file. This vulnerability can be exploited to execute arbitrary code. Provided by Mitsubishi Electric Corporation GENESIS64 and MC Works64 of AutoCAD (DWG) The file import feature contains several vulnerabilities: It was * Out-of-bounds read (CWE-125) - CVE-2021-27040 ‥ * Out-of-bounds writing (CWE-787) - CVE-2021-27041 This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developers. Crafted by a third party AutoCAD (DWG) Information leaks by importing the file into the product - CVE-2021-27040 Crafted by a third party AutoCAD (DWG) By importing the file into the product, any program will be executed. - CVE-2021-27041. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ICONICS GENESIS64. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202106-1815",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "autocad",
        "scope": null,
        "trust": 5.6,
        "vendor": "autodesk",
        "version": null
      },
      {
        "model": "genesis64",
        "scope": null,
        "trust": 2.1,
        "vendor": "iconics",
        "version": null
      },
      {
        "model": "autocad map 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022.0.1"
      },
      {
        "model": "autocad map 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019.1.3"
      },
      {
        "model": "civil 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022.0.1"
      },
      {
        "model": "civil 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019.1.3"
      },
      {
        "model": "autocad electrical",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020"
      },
      {
        "model": "autocad mechanical",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021"
      },
      {
        "model": "civil 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020.1.4"
      },
      {
        "model": "autocad",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022"
      },
      {
        "model": "autocad mep",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019.1.3"
      },
      {
        "model": "autocad mep",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022.0.1"
      },
      {
        "model": "autocad map 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019"
      },
      {
        "model": "autocad electrical",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022"
      },
      {
        "model": "autocad mechanical",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020"
      },
      {
        "model": "autocad",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021.1.1"
      },
      {
        "model": "autocad map 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021"
      },
      {
        "model": "autocad plant 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019.1.3"
      },
      {
        "model": "autocad plant 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022.0.1"
      },
      {
        "model": "autocad electrical",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022.0.1"
      },
      {
        "model": "autocad electrical",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019.1.3"
      },
      {
        "model": "advance steel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022.0.1"
      },
      {
        "model": "advance steel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019.1.3"
      },
      {
        "model": "civil 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021"
      },
      {
        "model": "advance steel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019"
      },
      {
        "model": "autocad architecture",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019.1.3"
      },
      {
        "model": "autocad lt",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021.1.1"
      },
      {
        "model": "advance steel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020.1.4"
      },
      {
        "model": "autocad",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019"
      },
      {
        "model": "autocad",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020.1.4"
      },
      {
        "model": "civil 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020"
      },
      {
        "model": "autocad mechanical",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021.1.1"
      },
      {
        "model": "autocad electrical",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019"
      },
      {
        "model": "autocad",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021"
      },
      {
        "model": "autocad plant 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020"
      },
      {
        "model": "autocad electrical",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021"
      },
      {
        "model": "dwg trueview",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022.1.1"
      },
      {
        "model": "autocad mechanical",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020.1.4"
      },
      {
        "model": "autocad",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020"
      },
      {
        "model": "autocad mep",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022"
      },
      {
        "model": "autocad map 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021.1.1"
      },
      {
        "model": "autocad plant 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022"
      },
      {
        "model": "autocad architecture",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020"
      },
      {
        "model": "autocad lt",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020"
      },
      {
        "model": "autocad mep",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021.1.1"
      },
      {
        "model": "autocad map 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020.1.4"
      },
      {
        "model": "advance steel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022"
      },
      {
        "model": "civil 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019"
      },
      {
        "model": "autocad architecture",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022"
      },
      {
        "model": "autocad lt",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022"
      },
      {
        "model": "autocad mep",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019"
      },
      {
        "model": "mc works64",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "mitsubishielectric",
        "version": "4.04e"
      },
      {
        "model": "autocad plant 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019"
      },
      {
        "model": "autocad plant 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021.1.1"
      },
      {
        "model": "dwg trueview",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022"
      },
      {
        "model": "autocad electrical",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021.1.1"
      },
      {
        "model": "autocad mep",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020.1.4"
      },
      {
        "model": "advance steel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021.1.1"
      },
      {
        "model": "autocad architecture",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021.1.1"
      },
      {
        "model": "autocad",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022.0.1"
      },
      {
        "model": "autocad",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019.1.3"
      },
      {
        "model": "autocad mep",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021"
      },
      {
        "model": "autocad plant 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021"
      },
      {
        "model": "autocad architecture",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022.0.1"
      },
      {
        "model": "autocad plant 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020.1.4"
      },
      {
        "model": "autocad electrical",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020.1.4"
      },
      {
        "model": "autocad lt",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022.0.1"
      },
      {
        "model": "autocad lt",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019.1.3"
      },
      {
        "model": "autocad mechanical",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022"
      },
      {
        "model": "autocad architecture",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019"
      },
      {
        "model": "autocad mep",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020"
      },
      {
        "model": "autocad map 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020"
      },
      {
        "model": "autocad architecture",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020.1.4"
      },
      {
        "model": "autocad lt",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019"
      },
      {
        "model": "advance steel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021"
      },
      {
        "model": "autocad mechanical",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022.0.1"
      },
      {
        "model": "autocad lt",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020.1.4"
      },
      {
        "model": "autocad mechanical",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019.1.3"
      },
      {
        "model": "autocad architecture",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021"
      },
      {
        "model": "autocad lt",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021"
      },
      {
        "model": "genesis64",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "iconics",
        "version": "10.97"
      },
      {
        "model": "autocad map 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022"
      },
      {
        "model": "advance steel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020"
      },
      {
        "model": "civil 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021.1.1"
      },
      {
        "model": "civil 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022"
      },
      {
        "model": "autocad mechanical",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019"
      },
      {
        "model": "genesis64",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u4e09\u83f1\u96fb\u6a5f",
        "version": null
      },
      {
        "model": "mc works64",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u4e09\u83f1\u96fb\u6a5f",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-712"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-711"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-710"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-709"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-708"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-707"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-706"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1238"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1236"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-378"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-473"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003350"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27040"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1.3",
                "versionStartIncluding": "2019",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020.1.4",
                "versionStartIncluding": "2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021.1.1",
                "versionStartIncluding": "2021",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022.0.1",
                "versionStartIncluding": "2022",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1.3",
                "versionStartIncluding": "2019",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020.1.4",
                "versionStartIncluding": "2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021.1.1",
                "versionStartIncluding": "2021",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022.0.1",
                "versionStartIncluding": "2022",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1.3",
                "versionStartIncluding": "2019",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020.1.4",
                "versionStartIncluding": "2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021.1.1",
                "versionStartIncluding": "2021",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2022.0.1",
                "versionStartIncluding": "2022",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1.3",
                "versionStartIncluding": "2019",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020.1.4",
                "versionStartIncluding": "2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021.1.1",
                "versionStartIncluding": "2021",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022.0.1",
                "versionStartIncluding": "2022",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1.3",
                "versionStartIncluding": "2019",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020.1.4",
                "versionStartIncluding": "2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021.1.1",
                "versionStartIncluding": "2021",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022.0.1",
                "versionStartIncluding": "2022",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1.3",
                "versionStartIncluding": "2019",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020.1.4",
                "versionStartIncluding": "2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021.1.1",
                "versionStartIncluding": "2021",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022.0.1",
                "versionStartIncluding": "2022",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1.3",
                "versionStartIncluding": "2019",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020.1.4",
                "versionStartIncluding": "2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1.3",
                "versionStartIncluding": "2019",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020.1.4",
                "versionStartIncluding": "2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021.1.1",
                "versionStartIncluding": "2021",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022.0.1",
                "versionStartIncluding": "2022",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021.1.1",
                "versionStartIncluding": "2021",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022.0.1",
                "versionStartIncluding": "2022",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1.3",
                "versionStartIncluding": "2019",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020.1.4",
                "versionStartIncluding": "2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021.1.1",
                "versionStartIncluding": "2021",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022.0.1",
                "versionStartIncluding": "2022",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1.3",
                "versionStartIncluding": "2019",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020.1.4",
                "versionStartIncluding": "2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021.1.1",
                "versionStartIncluding": "2021",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022.0.1",
                "versionStartIncluding": "2022",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022.1.1",
                "versionStartIncluding": "2022",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.97",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.04e",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-27040"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Michael DePlante (@izobashi) of Trend Micro\u0027s Zero Day Initiative",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-712"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-711"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-710"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-709"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-708"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-707"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-706"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1238"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1236"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-378"
      }
    ],
    "trust": 7.0
  },
  "cve": "CVE-2021-27040",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2021-27040",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2021-27040",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 4.2,
            "userInteraction": "REQUIRED",
            "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "ZDI",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 1.8,
            "id": "CVE-2021-27040",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 3.5,
            "userInteraction": "REQUIRED",
            "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 1.8,
            "id": "CVE-2021-27040",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "OTHER",
            "availabilityImpact": "None",
            "baseScore": 3.3,
            "baseSeverity": "Low",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-003350",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "ZDI",
            "id": "CVE-2021-27040",
            "trust": 4.2,
            "value": "HIGH"
          },
          {
            "author": "ZDI",
            "id": "CVE-2021-27040",
            "trust": 3.5,
            "value": "LOW"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-27040",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "OTHER",
            "id": "JVNDB-2021-003350",
            "trust": 0.8,
            "value": "Low"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202106-1561",
            "trust": 0.6,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-712"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-711"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-710"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-709"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-708"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-707"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-706"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1238"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1236"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-378"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-473"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003350"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1561"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27040"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A maliciously crafted DWG file can be forced to read beyond allocated boundaries when parsing the DWG file. This vulnerability can be exploited to execute arbitrary code. Provided by Mitsubishi Electric Corporation GENESIS64 and MC Works64 of AutoCAD (DWG) The file import feature contains several vulnerabilities: It was * Out-of-bounds read (CWE-125) - CVE-2021-27040 \u2025 * Out-of-bounds writing (CWE-787) - CVE-2021-27041 This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developers.* Crafted by a third party AutoCAD (DWG) Information leaks by importing the file into the product - CVE-2021-27040* Crafted by a third party AutoCAD (DWG) By importing the file into the product, any program will be executed. - CVE-2021-27041. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ICONICS GENESIS64. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-27040"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003350"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-712"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-711"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-710"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-709"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-708"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-707"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-706"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1238"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1236"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-378"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-473"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 9.09
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-27040",
        "trust": 10.1
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1238",
        "trust": 2.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1236",
        "trust": 2.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-378",
        "trust": 2.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-473",
        "trust": 2.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-294-01",
        "trust": 1.4
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-712",
        "trust": 1.3
      },
      {
        "db": "JVN",
        "id": "JVNVU94862669",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003350",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-12150",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-12119",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-711",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-12118",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-710",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-12117",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-709",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-12094",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-708",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-12077",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-707",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-12076",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-706",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-14065",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-14060",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-14059",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-15570",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021102205",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021062421",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022042625",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.3527",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1561",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-712"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-711"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-710"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-709"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-708"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-707"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-706"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1238"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1236"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-378"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-473"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003350"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1561"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27040"
      }
    ]
  },
  "id": "VAR-202106-1815",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.685964935
  },
  "last_update_date": "2022-05-16T22:51:40.714000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Autodesk has issued an update to correct this vulnerability.",
        "trust": 4.9,
        "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004"
      },
      {
        "title": "ICONICS has issued an update to correct this vulnerability.",
        "trust": 1.4,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-294-01"
      },
      {
        "title": "GENESIS64 and MC\u00a0Works64 of AutoCAD(DWG) Information leakage and malicious program execution vulnerability in file import function",
        "trust": 0.8,
        "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2021-017.pdf"
      },
      {
        "title": "ICONICS has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-294-01"
      },
      {
        "title": "Autodesk has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
      },
      {
        "title": "Autodesk AutoCAD Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=155357"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-712"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-711"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-710"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-709"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-708"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-707"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-706"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1238"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1236"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-378"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-473"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003350"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1561"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-125",
        "trust": 1.0
      },
      {
        "problemtype": "Out-of-bounds writing (CWE-787) [ Other ]",
        "trust": 0.8
      },
      {
        "problemtype": " Out-of-bounds read (CWE-125) [ Other ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003350"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27040"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 7.3,
        "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004"
      },
      {
        "trust": 2.8,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-294-01"
      },
      {
        "trust": 2.2,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-21-1236/"
      },
      {
        "trust": 2.2,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-22-378/"
      },
      {
        "trust": 1.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-21-1238/"
      },
      {
        "trust": 1.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-22-473/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu94862669/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27041"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27040"
      },
      {
        "trust": 0.7,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-294-01"
      },
      {
        "trust": 0.7,
        "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021062421"
      },
      {
        "trust": 0.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-21-712/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.3527"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022042625"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021102205"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/iconics-genesis64-three-vulnerabilities-36698"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-712"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-711"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-710"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-709"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-708"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-707"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-706"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1238"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1236"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-378"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-473"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003350"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1561"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27040"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-21-712"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-711"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-710"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-709"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-708"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-707"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-706"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1238"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1236"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-378"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-473"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003350"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1561"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27040"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-06-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-712"
      },
      {
        "date": "2021-06-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-711"
      },
      {
        "date": "2021-06-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-710"
      },
      {
        "date": "2021-06-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-709"
      },
      {
        "date": "2021-06-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-708"
      },
      {
        "date": "2021-06-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-707"
      },
      {
        "date": "2021-06-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-706"
      },
      {
        "date": "2021-10-28T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-1238"
      },
      {
        "date": "2021-10-28T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-1236"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-378"
      },
      {
        "date": "2022-03-07T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-473"
      },
      {
        "date": "2021-10-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-003350"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-06-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202106-1561"
      },
      {
        "date": "2021-06-25T13:15:00",
        "db": "NVD",
        "id": "CVE-2021-27040"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-06-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-712"
      },
      {
        "date": "2021-06-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-711"
      },
      {
        "date": "2021-06-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-710"
      },
      {
        "date": "2021-06-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-709"
      },
      {
        "date": "2021-06-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-708"
      },
      {
        "date": "2021-06-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-707"
      },
      {
        "date": "2021-06-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-706"
      },
      {
        "date": "2021-10-28T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-1238"
      },
      {
        "date": "2021-10-28T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-1236"
      },
      {
        "date": "2022-02-18T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-378"
      },
      {
        "date": "2022-03-07T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-473"
      },
      {
        "date": "2021-11-26T02:40:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-003350"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2022-05-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202106-1561"
      },
      {
        "date": "2022-05-13T17:31:00",
        "db": "NVD",
        "id": "CVE-2021-27040"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1561"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Autodesk AutoCAD DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-712"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-711"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-710"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-709"
      }
    ],
    "trust": 2.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  }
}

var-202106-1814
Vulnerability from variot

A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code. Provided by Mitsubishi Electric Corporation GENESIS64 and MC Works64 of AutoCAD (DWG) The file import feature contains several vulnerabilities: It was * Out-of-bounds read (CWE-125) - CVE-2021-27040 ‥ * Out-of-bounds writing (CWE-787) - CVE-2021-27041 This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developers. Crafted by a third party AutoCAD (DWG) Information leaks by importing the file into the product - CVE-2021-27040 Crafted by a third party AutoCAD (DWG) By importing the file into the product, any program will be executed. - CVE-2021-27041. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202106-1814",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "autocad",
        "scope": null,
        "trust": 2.1,
        "vendor": "autodesk",
        "version": null
      },
      {
        "model": "autocad map 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022.0.1"
      },
      {
        "model": "autocad map 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019.1.3"
      },
      {
        "model": "civil 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022.0.1"
      },
      {
        "model": "civil 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019.1.3"
      },
      {
        "model": "autocad electrical",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020"
      },
      {
        "model": "autocad mechanical",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021"
      },
      {
        "model": "civil 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020.1.4"
      },
      {
        "model": "autocad",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022"
      },
      {
        "model": "autocad mep",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019.1.3"
      },
      {
        "model": "autocad mep",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022.0.1"
      },
      {
        "model": "autocad map 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019"
      },
      {
        "model": "autocad electrical",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022"
      },
      {
        "model": "autocad mechanical",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020"
      },
      {
        "model": "autocad",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021.1.1"
      },
      {
        "model": "autocad map 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021"
      },
      {
        "model": "autocad plant 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019.1.3"
      },
      {
        "model": "autocad plant 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022.0.1"
      },
      {
        "model": "autocad electrical",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022.0.1"
      },
      {
        "model": "autocad electrical",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019.1.3"
      },
      {
        "model": "advance steel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022.0.1"
      },
      {
        "model": "advance steel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019.1.3"
      },
      {
        "model": "civil 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021"
      },
      {
        "model": "advance steel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019"
      },
      {
        "model": "autocad architecture",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019.1.3"
      },
      {
        "model": "autocad lt",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021.1.1"
      },
      {
        "model": "advance steel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020.1.4"
      },
      {
        "model": "autocad",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019"
      },
      {
        "model": "autocad",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020.1.4"
      },
      {
        "model": "civil 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020"
      },
      {
        "model": "autocad mechanical",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021.1.1"
      },
      {
        "model": "autocad electrical",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019"
      },
      {
        "model": "autocad",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021"
      },
      {
        "model": "autocad plant 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020"
      },
      {
        "model": "design review",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2018"
      },
      {
        "model": "autocad electrical",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021"
      },
      {
        "model": "autocad mechanical",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020.1.4"
      },
      {
        "model": "autocad",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020"
      },
      {
        "model": "autocad mep",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022"
      },
      {
        "model": "autocad map 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021.1.1"
      },
      {
        "model": "autocad plant 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022"
      },
      {
        "model": "autocad architecture",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020"
      },
      {
        "model": "autocad lt",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020"
      },
      {
        "model": "autocad mep",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021.1.1"
      },
      {
        "model": "autocad map 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020.1.4"
      },
      {
        "model": "advance steel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022"
      },
      {
        "model": "civil 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019"
      },
      {
        "model": "autocad architecture",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022"
      },
      {
        "model": "autocad lt",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022"
      },
      {
        "model": "autocad mep",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019"
      },
      {
        "model": "mc works64",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "mitsubishielectric",
        "version": "4.04e"
      },
      {
        "model": "autocad plant 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019"
      },
      {
        "model": "autocad plant 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021.1.1"
      },
      {
        "model": "autocad electrical",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021.1.1"
      },
      {
        "model": "autocad mep",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020.1.4"
      },
      {
        "model": "advance steel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021.1.1"
      },
      {
        "model": "autocad architecture",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021.1.1"
      },
      {
        "model": "autocad",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022.0.1"
      },
      {
        "model": "autocad",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019.1.3"
      },
      {
        "model": "autocad mep",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021"
      },
      {
        "model": "autocad plant 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021"
      },
      {
        "model": "autocad architecture",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022.0.1"
      },
      {
        "model": "autocad plant 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020.1.4"
      },
      {
        "model": "autocad electrical",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020.1.4"
      },
      {
        "model": "autocad lt",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022.0.1"
      },
      {
        "model": "autocad lt",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019.1.3"
      },
      {
        "model": "autocad mechanical",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022"
      },
      {
        "model": "autocad architecture",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019"
      },
      {
        "model": "autocad mep",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020"
      },
      {
        "model": "autocad map 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020"
      },
      {
        "model": "autocad architecture",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020.1.4"
      },
      {
        "model": "autocad lt",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019"
      },
      {
        "model": "advance steel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021"
      },
      {
        "model": "autocad mechanical",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022.0.1"
      },
      {
        "model": "autocad lt",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020.1.4"
      },
      {
        "model": "autocad mechanical",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019.1.3"
      },
      {
        "model": "autocad architecture",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021"
      },
      {
        "model": "autocad lt",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021"
      },
      {
        "model": "genesis64",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "iconics",
        "version": "10.97"
      },
      {
        "model": "autocad map 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022"
      },
      {
        "model": "advance steel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2020"
      },
      {
        "model": "civil 3d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2021.1.1"
      },
      {
        "model": "civil 3d",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2022"
      },
      {
        "model": "autocad mechanical",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "autodesk",
        "version": "2019"
      },
      {
        "model": "genesis64",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u4e09\u83f1\u96fb\u6a5f",
        "version": null
      },
      {
        "model": "mc works64",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u4e09\u83f1\u96fb\u6a5f",
        "version": null
      },
      {
        "model": "genesis64",
        "scope": null,
        "trust": 0.7,
        "vendor": "iconics",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-714"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-713"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1237"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-478"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003350"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27041"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:design_review:2018:hotfix:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:design_review:2018:hotfix2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:design_review:2018:hotfix3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:design_review:2018:hotfix4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:design_review:2018:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1.3",
                "versionStartIncluding": "2019",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020.1.4",
                "versionStartIncluding": "2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021.1.1",
                "versionStartIncluding": "2021",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022.0.1",
                "versionStartIncluding": "2022",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1.3",
                "versionStartIncluding": "2019",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020.1.4",
                "versionStartIncluding": "2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021.1.1",
                "versionStartIncluding": "2021",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022.0.1",
                "versionStartIncluding": "2022",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1.3",
                "versionStartIncluding": "2019",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020.1.4",
                "versionStartIncluding": "2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021.1.1",
                "versionStartIncluding": "2021",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2022.0.1",
                "versionStartIncluding": "2022",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1.3",
                "versionStartIncluding": "2019",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020.1.4",
                "versionStartIncluding": "2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021.1.1",
                "versionStartIncluding": "2021",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022.0.1",
                "versionStartIncluding": "2022",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1.3",
                "versionStartIncluding": "2019",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020.1.4",
                "versionStartIncluding": "2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021.1.1",
                "versionStartIncluding": "2021",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022.0.1",
                "versionStartIncluding": "2022",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1.3",
                "versionStartIncluding": "2019",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1.3",
                "versionStartIncluding": "2019",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020.1.4",
                "versionStartIncluding": "2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021.1.1",
                "versionStartIncluding": "2021",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022.0.1",
                "versionStartIncluding": "2022",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020.1.4",
                "versionStartIncluding": "2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021.1.1",
                "versionStartIncluding": "2021",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022.0.1",
                "versionStartIncluding": "2022",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1.3",
                "versionStartIncluding": "2019",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020.1.4",
                "versionStartIncluding": "2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021.1.1",
                "versionStartIncluding": "2021",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022.0.1",
                "versionStartIncluding": "2022",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1.3",
                "versionStartIncluding": "2019",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020.1.4",
                "versionStartIncluding": "2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021.1.1",
                "versionStartIncluding": "2021",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022.0.1",
                "versionStartIncluding": "2022",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019.1.3",
                "versionStartIncluding": "2019",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2020.1.4",
                "versionStartIncluding": "2020",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2021.1.1",
                "versionStartIncluding": "2021",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2022.0.1",
                "versionStartIncluding": "2022",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:iconics:genesis64:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.97",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.04e",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-27041"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Michael DePlante (@izobashi) of Trend Micro\u0027s Zero Day Initiative",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-714"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-713"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1237"
      }
    ],
    "trust": 2.1
  },
  "cve": "CVE-2021-27041",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2021-27041",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2021-27041",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.8,
            "userInteraction": "REQUIRED",
            "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2021-27041",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "OTHER",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-003350",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "ZDI",
            "id": "CVE-2021-27041",
            "trust": 2.8,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-27041",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "OTHER",
            "id": "JVNDB-2021-003350",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202106-1568",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-714"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-713"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1237"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-478"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003350"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1568"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27041"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code. Provided by Mitsubishi Electric Corporation GENESIS64 and MC Works64 of AutoCAD (DWG) The file import feature contains several vulnerabilities: It was * Out-of-bounds read (CWE-125) - CVE-2021-27040 \u2025 * Out-of-bounds writing (CWE-787) - CVE-2021-27041 This vulnerability information is provided by the developer for the purpose of disseminating it to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developers.* Crafted by a third party AutoCAD (DWG) Information leaks by importing the file into the product - CVE-2021-27040* Crafted by a third party AutoCAD (DWG) By importing the file into the product, any program will be executed. - CVE-2021-27041. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-27041"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003350"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-714"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-713"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1237"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-478"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 4.68
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-27041",
        "trust": 5.2
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-294-01",
        "trust": 1.4
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-714",
        "trust": 1.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1237",
        "trust": 1.3
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-478",
        "trust": 1.3
      },
      {
        "db": "JVN",
        "id": "JVNVU94862669",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003350",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-12281",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-12181",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-713",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-14064",
        "trust": 0.7
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-15565",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021102205",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022042625",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022040706",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021062421",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.3527",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1568",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-714"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-713"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1237"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-478"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003350"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1568"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27041"
      }
    ]
  },
  "id": "VAR-202106-1814",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.685964935
  },
  "last_update_date": "2022-05-14T20:19:01.789000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Autodesk has issued an update to correct this vulnerability.",
        "trust": 1.4,
        "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004"
      },
      {
        "title": "GENESIS64 and MC\u00a0Works64 of AutoCAD(DWG) Information leakage and malicious program execution vulnerability in file import function",
        "trust": 0.8,
        "url": "https://www.mitsubishielectric.co.jp/psirt/vulnerability/pdf/2021-017.pdf"
      },
      {
        "title": "ICONICS has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-294-01"
      },
      {
        "title": "Autodesk has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
      },
      {
        "title": "Autodesk AutoCAD Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=155361"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-714"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-713"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1237"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-478"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003350"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1568"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.0
      },
      {
        "problemtype": "Out-of-bounds writing (CWE-787) [ Other ]",
        "trust": 0.8
      },
      {
        "problemtype": " Out-of-bounds read (CWE-125) [ Other ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003350"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27041"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004"
      },
      {
        "trust": 2.1,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-294-01"
      },
      {
        "trust": 1.6,
        "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0007"
      },
      {
        "trust": 1.2,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-21-1237/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu94862669/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27041"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27040"
      },
      {
        "trust": 0.7,
        "url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0004"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021062421"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022040706"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.3527"
      },
      {
        "trust": 0.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-22-478/"
      },
      {
        "trust": 0.6,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-21-714/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022042625"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021102205"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/iconics-genesis64-three-vulnerabilities-36698"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-714"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-713"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1237"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-478"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003350"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1568"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27041"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-21-714"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-713"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-1237"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-478"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-003350"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1568"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-27041"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-06-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-714"
      },
      {
        "date": "2021-06-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-713"
      },
      {
        "date": "2021-10-28T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-1237"
      },
      {
        "date": "2022-03-07T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-478"
      },
      {
        "date": "2021-10-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-003350"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-06-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202106-1568"
      },
      {
        "date": "2021-06-25T13:15:00",
        "db": "NVD",
        "id": "CVE-2021-27041"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-06-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-714"
      },
      {
        "date": "2021-06-22T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-713"
      },
      {
        "date": "2021-10-28T00:00:00",
        "db": "ZDI",
        "id": "ZDI-21-1237"
      },
      {
        "date": "2022-03-07T00:00:00",
        "db": "ZDI",
        "id": "ZDI-22-478"
      },
      {
        "date": "2021-11-26T02:40:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-003350"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2022-04-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202106-1568"
      },
      {
        "date": "2022-05-13T17:37:00",
        "db": "NVD",
        "id": "CVE-2021-27041"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1568"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Autodesk AutoCAD DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-21-714"
      },
      {
        "db": "ZDI",
        "id": "ZDI-21-713"
      },
      {
        "db": "ZDI",
        "id": "ZDI-22-478"
      }
    ],
    "trust": 2.1
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  }
}