Vulnerabilites related to autodesk - fbx_software_development_kit
cve-2023-27909
Vulnerability from cvelistv5
Published
2023-04-17 00:00
Modified
2025-02-06 16:13
Severity ?
EPSS score ?
Summary
An Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK version 2020 or prior may lead to code execution through maliciously crafted FBX files or information disclosure.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Autodesk FBX SDK |
Version: 2020 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T12:23:29.949Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-27909", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-06T16:12:42.672922Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-06T16:13:15.690Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Autodesk FBX SDK", vendor: "n/a", versions: [ { status: "affected", version: "2020", }, ], }, ], descriptions: [ { lang: "en", value: "An Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK version 2020 or prior may lead to code execution through maliciously crafted FBX files or information disclosure.", }, ], problemTypes: [ { descriptions: [ { description: "Out-of-bound Write", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-17T00:00:00.000Z", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004", }, ], }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2023-27909", datePublished: "2023-04-17T00:00:00.000Z", dateReserved: "2023-03-07T00:00:00.000Z", dateUpdated: "2025-02-06T16:13:15.690Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-9306
Vulnerability from cvelistv5
Published
2017-01-25 19:00
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DAE format files.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/95807 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:50:36.750Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01", }, { name: "95807", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/95807", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-01-25T00:00:00", descriptions: [ { lang: "en", value: "Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DAE format files.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-01-27T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01", }, { name: "95807", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/95807", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-9306", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DAE format files.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01", refsource: "CONFIRM", url: "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01", }, { name: "95807", refsource: "BID", url: "http://www.securityfocus.com/bid/95807", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-9306", datePublished: "2017-01-25T19:00:00", dateReserved: "2016-11-14T00:00:00", dateUpdated: "2024-08-06T02:50:36.750Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41302
Vulnerability from cvelistv5
Published
2022-10-14 00:00
Modified
2024-08-03 12:42
Severity ?
EPSS score ?
Summary
An Out-Of-Bounds Read Vulnerability in Autodesk FBX SDK version 2020. and prior may lead to code execution or information disclosure through maliciously crafted FBX files. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:42:44.902Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "FBX SDK", vendor: "n/a", versions: [ { status: "affected", version: "2020.3.1", }, ], }, ], descriptions: [ { lang: "en", value: "An Out-Of-Bounds Read Vulnerability in Autodesk FBX SDK version 2020. and prior may lead to code execution or information disclosure through maliciously crafted FBX files. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.", }, ], problemTypes: [ { descriptions: [ { description: "Out-Of-Bounds Read", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-14T00:00:00", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022", }, ], }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2022-41302", datePublished: "2022-10-14T00:00:00", dateReserved: "2022-09-21T00:00:00", dateUpdated: "2024-08-03T12:42:44.902Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-9305
Vulnerability from cvelistv5
Published
2017-01-25 19:00
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain access to uninitialized pointers.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/95803 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:50:36.752Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01", }, { name: "95803", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/95803", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-01-25T00:00:00", descriptions: [ { lang: "en", value: "Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain access to uninitialized pointers.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-01-27T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01", }, { name: "95803", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/95803", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-9305", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain access to uninitialized pointers.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01", refsource: "CONFIRM", url: "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01", }, { name: "95803", refsource: "BID", url: "http://www.securityfocus.com/bid/95803", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-9305", datePublished: "2017-01-25T19:00:00", dateReserved: "2016-11-14T00:00:00", dateUpdated: "2024-08-06T02:50:36.752Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-9303
Vulnerability from cvelistv5
Published
2017-01-25 19:00
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code or cause an infinite loop condition when reading or converting malformed FBX format files.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/95805 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:50:36.753Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01", }, { name: "95805", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/95805", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-01-25T00:00:00", descriptions: [ { lang: "en", value: "Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code or cause an infinite loop condition when reading or converting malformed FBX format files.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-01-27T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01", }, { name: "95805", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/95805", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-9303", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code or cause an infinite loop condition when reading or converting malformed FBX format files.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01", refsource: "CONFIRM", url: "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01", }, { name: "95805", refsource: "BID", url: "http://www.securityfocus.com/bid/95805", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-9303", datePublished: "2017-01-25T19:00:00", dateReserved: "2016-11-14T00:00:00", dateUpdated: "2024-08-06T02:50:36.753Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-7083
Vulnerability from cvelistv5
Published
2020-04-17 17:53
Modified
2024-08-04 09:18
Severity ?
EPSS score ?
Summary
An intager overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Autodesk FBX-SDK |
Version: 2019.0 and earlier |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T09:18:03.027Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Autodesk FBX-SDK", vendor: "n/a", versions: [ { status: "affected", version: "2019.0 and earlier", }, ], }, ], descriptions: [ { lang: "en", value: "An intager overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application.", }, ], problemTypes: [ { descriptions: [ { description: "Integer overflow vulnerability", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-17T17:53:07", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@autodesk.com", ID: "CVE-2020-7083", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Autodesk FBX-SDK", version: { version_data: [ { version_value: "2019.0 and earlier", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An intager overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Integer overflow vulnerability", }, ], }, ], }, references: { reference_data: [ { name: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002", refsource: "MISC", url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2020-7083", datePublished: "2020-04-17T17:53:07", dateReserved: "2020-01-15T00:00:00", dateUpdated: "2024-08-04T09:18:03.027Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-7366
Vulnerability from cvelistv5
Published
2019-12-03 17:09
Modified
2024-08-04 20:46
Severity ?
EPSS score ?
Summary
Buffer overflow vulnerability in Autodesk FBX Software Development Kit version 2019.5. A user may be tricked into opening a malicious FBX file which may exploit a buffer overflow vulnerability causing it to run arbitrary code on the system.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0003 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Autodesk FBX Software Development Kit |
Version: 2019.5 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T20:46:46.173Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0003", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Autodesk FBX Software Development Kit", vendor: "n/a", versions: [ { status: "affected", version: "2019.5", }, ], }, ], descriptions: [ { lang: "en", value: "Buffer overflow vulnerability in Autodesk FBX Software Development Kit version 2019.5. A user may be tricked into opening a malicious FBX file which may exploit a buffer overflow vulnerability causing it to run arbitrary code on the system.", }, ], problemTypes: [ { descriptions: [ { description: "Buffer overflow vulnerability", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-12-03T17:09:14", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0003", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@autodesk.com", ID: "CVE-2019-7366", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Autodesk FBX Software Development Kit", version: { version_data: [ { version_value: "2019.5", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Buffer overflow vulnerability in Autodesk FBX Software Development Kit version 2019.5. A user may be tricked into opening a malicious FBX file which may exploit a buffer overflow vulnerability causing it to run arbitrary code on the system.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Buffer overflow vulnerability", }, ], }, ], }, references: { reference_data: [ { name: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0003", refsource: "CONFIRM", url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0003", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2019-7366", datePublished: "2019-12-03T17:09:14", dateReserved: "2019-02-04T00:00:00", dateUpdated: "2024-08-04T20:46:46.173Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-27910
Vulnerability from cvelistv5
Published
2023-04-17 00:00
Modified
2025-02-06 15:44
Severity ?
EPSS score ?
Summary
A user may be tricked into opening a malicious FBX file that may exploit a stack buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to code execution.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Autodesk FBX SDK |
Version: 2020 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T12:23:30.326Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-27910", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-06T15:43:22.504093Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121 Stack-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-06T15:44:29.546Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Autodesk FBX SDK", vendor: "n/a", versions: [ { status: "affected", version: "2020", }, ], }, ], descriptions: [ { lang: "en", value: "A user may be tricked into opening a malicious FBX file that may exploit a stack buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to code execution.", }, ], problemTypes: [ { descriptions: [ { description: "Stack Buffer Overflow", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-17T00:00:00.000Z", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004", }, ], }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2023-27910", datePublished: "2023-04-17T00:00:00.000Z", dateReserved: "2023-03-07T00:00:00.000Z", dateUpdated: "2025-02-06T15:44:29.546Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-7080
Vulnerability from cvelistv5
Published
2020-04-17 17:52
Modified
2024-08-04 09:18
Severity ?
EPSS score ?
Summary
A buffer overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitrary code execution on a system running it.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Autodesk FBX-SDK |
Version: 2019.0 and earlier |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T09:18:03.094Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Autodesk FBX-SDK", vendor: "n/a", versions: [ { status: "affected", version: "2019.0 and earlier", }, ], }, ], descriptions: [ { lang: "en", value: "A buffer overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitrary code execution on a system running it.", }, ], problemTypes: [ { descriptions: [ { description: "Buffer Overflow vulnerability", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-17T17:52:17", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@autodesk.com", ID: "CVE-2020-7080", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Autodesk FBX-SDK", version: { version_data: [ { version_value: "2019.0 and earlier", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A buffer overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitrary code execution on a system running it.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Buffer Overflow vulnerability", }, ], }, ], }, references: { reference_data: [ { name: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002", refsource: "MISC", url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2020-7080", datePublished: "2020-04-17T17:52:17", dateReserved: "2020-01-15T00:00:00", dateUpdated: "2024-08-04T09:18:03.094Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-7084
Vulnerability from cvelistv5
Published
2020-04-17 17:53
Modified
2024-08-04 09:18
Severity ?
EPSS score ?
Summary
A NULL pointer dereference vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Autodesk FBX-SDK |
Version: 2019.0 and earlier |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T09:18:02.962Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Autodesk FBX-SDK", vendor: "n/a", versions: [ { status: "affected", version: "2019.0 and earlier", }, ], }, ], descriptions: [ { lang: "en", value: "A NULL pointer dereference vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application.", }, ], problemTypes: [ { descriptions: [ { description: "NULL pointer dereference vulnerability", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-17T17:53:26", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@autodesk.com", ID: "CVE-2020-7084", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Autodesk FBX-SDK", version: { version_data: [ { version_value: "2019.0 and earlier", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A NULL pointer dereference vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "NULL pointer dereference vulnerability", }, ], }, ], }, references: { reference_data: [ { name: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002", refsource: "MISC", url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2020-7084", datePublished: "2020-04-17T17:53:26", dateReserved: "2020-01-15T00:00:00", dateUpdated: "2024-08-04T09:18:02.962Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-9307
Vulnerability from cvelistv5
Published
2017-01-25 19:00
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed 3DS format files.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/95802 | vdb-entry, x_refsource_BID | |
| http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:50:36.761Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "95802", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/95802", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-01-25T00:00:00", descriptions: [ { lang: "en", value: "Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed 3DS format files.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-01-27T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "95802", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/95802", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-9307", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed 3DS format files.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "95802", refsource: "BID", url: "http://www.securityfocus.com/bid/95802", }, { name: "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01", refsource: "CONFIRM", url: "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-9307", datePublished: "2017-01-25T19:00:00", dateReserved: "2016-11-14T00:00:00", dateUpdated: "2024-08-06T02:50:36.761Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41303
Vulnerability from cvelistv5
Published
2022-10-14 00:00
Modified
2024-08-03 12:42
Severity ?
EPSS score ?
Summary
A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in Autodesk FBX SDK 2020 version causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:42:44.708Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "FBX SDK", vendor: "n/a", versions: [ { status: "affected", version: "2020.3.1", }, ], }, ], descriptions: [ { lang: "en", value: "A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in Autodesk FBX SDK 2020 version causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system.", }, ], problemTypes: [ { descriptions: [ { description: "Out-Of-Bounds Write", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-14T00:00:00", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022", }, ], }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2022-41303", datePublished: "2022-10-14T00:00:00", dateReserved: "2022-09-21T00:00:00", dateUpdated: "2024-08-03T12:42:44.708Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-7085
Vulnerability from cvelistv5
Published
2020-04-17 17:53
Modified
2024-08-04 09:18
Severity ?
EPSS score ?
Summary
A heap overflow vulnerability in the Autodesk FBX-SDK versions 2019.2 and earlier may lead to arbitrary code execution on a system running it.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Autodesk FBX-SDK |
Version: 2019.2 and earlier |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T09:18:03.025Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Autodesk FBX-SDK", vendor: "n/a", versions: [ { status: "affected", version: "2019.2 and earlier", }, ], }, ], descriptions: [ { lang: "en", value: "A heap overflow vulnerability in the Autodesk FBX-SDK versions 2019.2 and earlier may lead to arbitrary code execution on a system running it.", }, ], problemTypes: [ { descriptions: [ { description: "Heap overflow vulnerability", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-17T17:53:49", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@autodesk.com", ID: "CVE-2020-7085", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Autodesk FBX-SDK", version: { version_data: [ { version_value: "2019.2 and earlier", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A heap overflow vulnerability in the Autodesk FBX-SDK versions 2019.2 and earlier may lead to arbitrary code execution on a system running it.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Heap overflow vulnerability", }, ], }, ], }, references: { reference_data: [ { name: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002", refsource: "MISC", url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2020-7085", datePublished: "2020-04-17T17:53:49", dateReserved: "2020-01-15T00:00:00", dateUpdated: "2024-08-04T09:18:03.025Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41304
Vulnerability from cvelistv5
Published
2022-10-14 00:00
Modified
2024-08-03 12:42
Severity ?
EPSS score ?
Summary
An Out-Of-Bounds Write Vulnerability in Autodesk FBX SDK 2020 version and prior may lead to code execution through maliciously crafted FBX files or information disclosure.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:42:44.906Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "FBX SDK", vendor: "n/a", versions: [ { status: "affected", version: "2020.3.1", }, ], }, ], descriptions: [ { lang: "en", value: "An Out-Of-Bounds Write Vulnerability in Autodesk FBX SDK 2020 version and prior may lead to code execution through maliciously crafted FBX files or information disclosure.", }, ], problemTypes: [ { descriptions: [ { description: "Use-After-Free ", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-14T00:00:00", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022", }, ], }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2022-41304", datePublished: "2022-10-14T00:00:00", dateReserved: "2022-09-21T00:00:00", dateUpdated: "2024-08-03T12:42:44.906Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-7082
Vulnerability from cvelistv5
Published
2020-04-17 17:52
Modified
2024-08-04 09:18
Severity ?
EPSS score ?
Summary
A use-after-free vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to code execution on a system running it.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Autodesk FBX-SDK |
Version: 2019.0 and earlier |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T09:18:03.072Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Autodesk FBX-SDK", vendor: "n/a", versions: [ { status: "affected", version: "2019.0 and earlier", }, ], }, ], descriptions: [ { lang: "en", value: "A use-after-free vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to code execution on a system running it.", }, ], problemTypes: [ { descriptions: [ { description: "Use-After-Free vulnerability", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-17T17:52:49", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@autodesk.com", ID: "CVE-2020-7082", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Autodesk FBX-SDK", version: { version_data: [ { version_value: "2019.0 and earlier", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A use-after-free vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to code execution on a system running it.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Use-After-Free vulnerability", }, ], }, ], }, references: { reference_data: [ { name: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002", refsource: "MISC", url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2020-7082", datePublished: "2020-04-17T17:52:49", dateReserved: "2020-01-15T00:00:00", dateUpdated: "2024-08-04T09:18:03.072Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-7081
Vulnerability from cvelistv5
Published
2020-04-17 17:52
Modified
2024-08-04 09:18
Severity ?
EPSS score ?
Summary
A type confusion vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitary code read/write on the system running it.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Autodesk FBX-SDK |
Version: 2019.0 and earlier |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T09:18:03.075Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Autodesk FBX-SDK", vendor: "n/a", versions: [ { status: "affected", version: "2019.0 and earlier", }, ], }, ], descriptions: [ { lang: "en", value: "A type confusion vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitary code read/write on the system running it.", }, ], problemTypes: [ { descriptions: [ { description: "Type confusion vulnerability", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-17T17:52:36", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@autodesk.com", ID: "CVE-2020-7081", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Autodesk FBX-SDK", version: { version_data: [ { version_value: "2019.0 and earlier", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A type confusion vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitary code read/write on the system running it.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Type confusion vulnerability", }, ], }, ], }, references: { reference_data: [ { name: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002", refsource: "MISC", url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2020-7081", datePublished: "2020-04-17T17:52:36", dateReserved: "2020-01-15T00:00:00", dateUpdated: "2024-08-04T09:18:03.075Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-27911
Vulnerability from cvelistv5
Published
2023-04-17 00:00
Modified
2025-02-06 15:33
Severity ?
EPSS score ?
Summary
A user may be tricked into opening a malicious FBX file that may exploit a heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to code execution.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Autodesk FBX SDK |
Version: 2020 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T12:23:30.547Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-27911", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-06T15:33:29.717160Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122 Heap-based Buffer Overflow", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-06T15:33:38.280Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Autodesk FBX SDK", vendor: "n/a", versions: [ { status: "affected", version: "2020", }, ], }, ], descriptions: [ { lang: "en", value: "A user may be tricked into opening a malicious FBX file that may exploit a heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to code execution.", }, ], problemTypes: [ { descriptions: [ { description: "Heap Buffer Overflow", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-04-17T00:00:00.000Z", orgId: "7e40ea87-bc65-4944-9723-dd79dd760601", shortName: "autodesk", }, references: [ { url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004", }, ], }, }, cveMetadata: { assignerOrgId: "7e40ea87-bc65-4944-9723-dd79dd760601", assignerShortName: "autodesk", cveId: "CVE-2023-27911", datePublished: "2023-04-17T00:00:00.000Z", dateReserved: "2023-03-07T00:00:00.000Z", dateUpdated: "2025-02-06T15:33:38.280Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-9304
Vulnerability from cvelistv5
Published
2017-01-25 19:00
Modified
2024-08-06 02:50
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DFX format files.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/95799 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T02:50:36.772Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01", }, { name: "95799", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/95799", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-01-25T00:00:00", descriptions: [ { lang: "en", value: "Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DFX format files.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-01-27T10:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01", }, { name: "95799", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/95799", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-9304", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DFX format files.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01", refsource: "CONFIRM", url: "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01", }, { name: "95799", refsource: "BID", url: "http://www.securityfocus.com/bid/95799", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-9304", datePublished: "2017-01-25T19:00:00", dateReserved: "2016-11-14T00:00:00", dateUpdated: "2024-08-06T02:50:36.772Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2017-01-25 19:59
Modified
2024-11-21 03:00
Severity ?
Summary
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DFX format files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | fbx_software_development_kit | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:fbx_software_development_kit:*:*:*:*:*:*:*:*", matchCriteriaId: "B39E57BA-AAD4-4572-AF3F-3D57BB0D6BF2", versionEndIncluding: "2017.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DFX format files.", }, { lang: "es", value: "Múltiples desbordamientos de búfer en el SDK de Autodesk FBX en versiones anteriores a 2017.1 pueden permitir a atacantes ejecutar código arbitrario al leer o convertir archivos de formato DFX mal formados.", }, ], id: "CVE-2016-9304", lastModified: "2024-11-21T03:00:56.310", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-01-25T19:59:00.203", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/95799", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/95799", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-12-03 18:15
Modified
2024-11-21 04:48
Severity ?
Summary
Buffer overflow vulnerability in Autodesk FBX Software Development Kit version 2019.5. A user may be tricked into opening a malicious FBX file which may exploit a buffer overflow vulnerability causing it to run arbitrary code on the system.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@autodesk.com | https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0003 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0003 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | fbx_software_development_kit | 2019.5 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:fbx_software_development_kit:2019.5:*:*:*:*:*:*:*", matchCriteriaId: "1355BB0E-3424-447E-AA2A-F6CB57648EF0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow vulnerability in Autodesk FBX Software Development Kit version 2019.5. A user may be tricked into opening a malicious FBX file which may exploit a buffer overflow vulnerability causing it to run arbitrary code on the system.", }, { lang: "es", value: "Una vulnerabilidad de desbordamiento de búfer en Autodesk FBX Software Development Kit versión 2019.5. Un usuario puede ser engañado para abrir un archivo FBX malicioso que puede explotar una vulnerabilidad de desbordamiento de búfer causando que se ejecute un código arbitrario en el sistema.", }, ], id: "CVE-2019-7366", lastModified: "2024-11-21T04:48:06.603", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-12-03T18:15:10.500", references: [ { source: "psirt@autodesk.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0003", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2019-0003", }, ], sourceIdentifier: "psirt@autodesk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-04-17 21:15
Modified
2025-02-06 17:15
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
An Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK version 2020 or prior may lead to code execution through maliciously crafted FBX files or information disclosure.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | fbx_software_development_kit | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:fbx_software_development_kit:*:*:*:*:*:*:*:*", matchCriteriaId: "2C560264-D3D4-450F-A933-0567181A3EDF", versionEndExcluding: "2020.3.4", versionStartIncluding: "2020.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK version 2020 or prior may lead to code execution through maliciously crafted FBX files or information disclosure.", }, ], id: "CVE-2023-27909", lastModified: "2025-02-06T17:15:16.037", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-04-17T21:15:07.777", references: [ { source: "psirt@autodesk.com", tags: [ "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004", }, ], sourceIdentifier: "psirt@autodesk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-04-17 21:15
Modified
2025-02-06 16:15
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A user may be tricked into opening a malicious FBX file that may exploit a stack buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | fbx_software_development_kit | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:fbx_software_development_kit:*:*:*:*:*:*:*:*", matchCriteriaId: "2C560264-D3D4-450F-A933-0567181A3EDF", versionEndExcluding: "2020.3.4", versionStartIncluding: "2020.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A user may be tricked into opening a malicious FBX file that may exploit a stack buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to code execution.", }, ], id: "CVE-2023-27910", lastModified: "2025-02-06T16:15:35.197", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-04-17T21:15:07.823", references: [ { source: "psirt@autodesk.com", tags: [ "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004", }, ], sourceIdentifier: "psirt@autodesk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-121", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-04-17 21:15
Modified
2025-02-06 16:15
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A user may be tricked into opening a malicious FBX file that may exploit a heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | fbx_software_development_kit | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:fbx_software_development_kit:*:*:*:*:*:*:*:*", matchCriteriaId: "2C560264-D3D4-450F-A933-0567181A3EDF", versionEndExcluding: "2020.3.4", versionStartIncluding: "2020.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A user may be tricked into opening a malicious FBX file that may exploit a heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to code execution.", }, ], id: "CVE-2023-27911", lastModified: "2025-02-06T16:15:35.373", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-04-17T21:15:07.870", references: [ { source: "psirt@autodesk.com", tags: [ "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0004", }, ], sourceIdentifier: "psirt@autodesk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-122", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-10-14 17:15
Modified
2024-11-21 07:23
Severity ?
Summary
An Out-Of-Bounds Read Vulnerability in Autodesk FBX SDK version 2020. and prior may lead to code execution or information disclosure through maliciously crafted FBX files. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@autodesk.com | https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | fbx_software_development_kit | 2020.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:fbx_software_development_kit:2020.0:*:*:*:*:*:*:*", matchCriteriaId: "8805EE28-F361-482B-81FC-4E31F2EDB85D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An Out-Of-Bounds Read Vulnerability in Autodesk FBX SDK version 2020. and prior may lead to code execution or information disclosure through maliciously crafted FBX files. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.", }, { lang: "es", value: "Una vulnerabilidad de lectura fuera de límites en Autodesk FBX SDK versión 2020. y anteriores puede conllevar a una ejecución de código o una divulgación de información mediante archivos FBX diseñados de forma maliciosa. Esta vulnerabilidad, junto con otras, podría conllevar a una ejecución de código en el contexto del proceso actual", }, ], id: "CVE-2022-41302", lastModified: "2024-11-21T07:23:00.227", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-10-14T17:15:16.100", references: [ { source: "psirt@autodesk.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022", }, ], sourceIdentifier: "psirt@autodesk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-01-25 19:59
Modified
2024-11-21 03:00
Severity ?
Summary
Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain access to uninitialized pointers.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | fbx_software_development_kit | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:fbx_software_development_kit:*:*:*:*:*:*:*:*", matchCriteriaId: "B39E57BA-AAD4-4572-AF3F-3D57BB0D6BF2", versionEndIncluding: "2017.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain access to uninitialized pointers.", }, { lang: "es", value: "Manipulación incorrecta en el SDK de Autodesk FBX en versiones anteriores a 2017.1 de desajustes de tipo y objetos eliminados anteriormente relacionados con la lectura y conversión de archivos de formato FBX mal formados pueden permitir a atacantes obtener acceso a punteros no inicializados.", }, ], id: "CVE-2016-9305", lastModified: "2024-11-21T03:00:56.437", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-01-25T19:59:00.250", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/95803", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/95803", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-19", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-10-14 17:15
Modified
2024-11-21 07:23
Severity ?
Summary
An Out-Of-Bounds Write Vulnerability in Autodesk FBX SDK 2020 version and prior may lead to code execution through maliciously crafted FBX files or information disclosure.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@autodesk.com | https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | fbx_software_development_kit | 2020.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:fbx_software_development_kit:2020.0:*:*:*:*:*:*:*", matchCriteriaId: "8805EE28-F361-482B-81FC-4E31F2EDB85D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An Out-Of-Bounds Write Vulnerability in Autodesk FBX SDK 2020 version and prior may lead to code execution through maliciously crafted FBX files or information disclosure.", }, { lang: "es", value: "Una vulnerabilidad de escritura fuera de límites en Autodesk FBX SDK versión 2020 y anteriores, puede conllevar a una ejecución de código a mediante archivos FBX diseñados de forma maliciosa o una divulgación de información", }, ], id: "CVE-2022-41304", lastModified: "2024-11-21T07:23:00.447", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-10-14T17:15:16.323", references: [ { source: "psirt@autodesk.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022", }, ], sourceIdentifier: "psirt@autodesk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-17 18:15
Modified
2024-11-21 05:36
Severity ?
Summary
A buffer overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitrary code execution on a system running it.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | fbx_software_development_kit | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:fbx_software_development_kit:*:*:*:*:*:*:*:*", matchCriteriaId: "EADE790E-9DE7-441A-9140-44B9EE972DD1", versionEndIncluding: "2019.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A buffer overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitrary code execution on a system running it.", }, { lang: "es", value: "Una vulnerabilidad de desbordamiento del búfer en Autodesk FBX-SDK versiones 2019.0 y anteriores, puede conllevar a una ejecución de código arbitrario en un sistema que lo ejecute.", }, ], id: "CVE-2020-7080", lastModified: "2024-11-21T05:36:37.453", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-17T18:15:11.947", references: [ { source: "psirt@autodesk.com", tags: [ "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002", }, ], sourceIdentifier: "psirt@autodesk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-17 18:15
Modified
2024-11-21 05:36
Severity ?
Summary
A type confusion vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitary code read/write on the system running it.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | fbx_software_development_kit | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:fbx_software_development_kit:*:*:*:*:*:*:*:*", matchCriteriaId: "EADE790E-9DE7-441A-9140-44B9EE972DD1", versionEndIncluding: "2019.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A type confusion vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitary code read/write on the system running it.", }, { lang: "es", value: "Una vulnerabilidad de confusión de tipos en Autodesk FBX-SDK versiones 2019.0 y anteriores, puede conllevar a la lectura y escritura de código arbitrario en el sistema que lo ejecuta.", }, ], id: "CVE-2020-7081", lastModified: "2024-11-21T05:36:37.553", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-17T18:15:12.010", references: [ { source: "psirt@autodesk.com", tags: [ "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002", }, ], sourceIdentifier: "psirt@autodesk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-843", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-17 18:15
Modified
2024-11-21 05:36
Severity ?
Summary
A NULL pointer dereference vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | fbx_software_development_kit | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:fbx_software_development_kit:*:*:*:*:*:*:*:*", matchCriteriaId: "EADE790E-9DE7-441A-9140-44B9EE972DD1", versionEndIncluding: "2019.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A NULL pointer dereference vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application.", }, { lang: "es", value: "Una vulnerabilidad de desbordamiento del puntero NULL en Autodesk FBX-SDK versiones 2019.0 y anteriores, puede conllevar a una denegación de servicio de la aplicación.", }, ], id: "CVE-2020-7084", lastModified: "2024-11-21T05:36:37.870", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-17T18:15:12.167", references: [ { source: "psirt@autodesk.com", tags: [ "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002", }, ], sourceIdentifier: "psirt@autodesk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-01-25 19:59
Modified
2024-11-21 03:00
Severity ?
Summary
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DAE format files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | fbx_software_development_kit | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:fbx_software_development_kit:*:*:*:*:*:*:*:*", matchCriteriaId: "B39E57BA-AAD4-4572-AF3F-3D57BB0D6BF2", versionEndIncluding: "2017.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DAE format files.", }, { lang: "es", value: "Múltiples desbordamientos de búfer en el SDK de Autodesk FBX en versiones anteriores a 2017.1 pueden permitir a atacantes ejecutar código arbitrario al leer o convertir archivos de formato DAE mal formados.", }, ], id: "CVE-2016-9306", lastModified: "2024-11-21T03:00:56.577", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-01-25T19:59:00.283", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/95807", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/95807", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-17 18:15
Modified
2024-11-21 05:36
Severity ?
Summary
A use-after-free vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to code execution on a system running it.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | fbx_software_development_kit | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:fbx_software_development_kit:*:*:*:*:*:*:*:*", matchCriteriaId: "EADE790E-9DE7-441A-9140-44B9EE972DD1", versionEndIncluding: "2019.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A use-after-free vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to code execution on a system running it.", }, { lang: "es", value: "Una vulnerabilidad de uso de la memoria previamente liberada en Autodesk FBX-SDK versiones 2019.0 y anteriores, puede conllevar a una ejecución de código en un sistema que lo ejecute.", }, ], id: "CVE-2020-7082", lastModified: "2024-11-21T05:36:37.657", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-17T18:15:12.057", references: [ { source: "psirt@autodesk.com", tags: [ "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002", }, ], sourceIdentifier: "psirt@autodesk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-01-25 19:59
Modified
2024-11-21 03:00
Severity ?
Summary
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed 3DS format files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | fbx_software_development_kit | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:fbx_software_development_kit:*:*:*:*:*:*:*:*", matchCriteriaId: "B39E57BA-AAD4-4572-AF3F-3D57BB0D6BF2", versionEndIncluding: "2017.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed 3DS format files.", }, { lang: "es", value: "Múltiples desbordamientos de búfer en el SDK de Autodesk FBX en versiones anteriores a 2017.1 pueden permitir a atacantes ejecutar código arbitrario al leer o convertir archivos de formato 3DS mal formados.", }, ], id: "CVE-2016-9307", lastModified: "2024-11-21T03:00:56.713", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-01-25T19:59:00.313", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/95802", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/95802", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-17 18:15
Modified
2024-11-21 05:36
Severity ?
Summary
A heap overflow vulnerability in the Autodesk FBX-SDK versions 2019.2 and earlier may lead to arbitrary code execution on a system running it.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | fbx_software_development_kit | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:fbx_software_development_kit:*:*:*:*:*:*:*:*", matchCriteriaId: "AF50DA5D-BB7B-45CD-AE2B-3D0E411B7ED2", versionEndIncluding: "2019.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A heap overflow vulnerability in the Autodesk FBX-SDK versions 2019.2 and earlier may lead to arbitrary code execution on a system running it.", }, { lang: "es", value: "Una vulnerabilidad de desbordamiento de pila (heap) en Autodesk FBX-SDK versiones 2019.2 y anteriores, puede conllevar a una ejecución de código arbitraria en un sistema que lo ejecute.", }, ], id: "CVE-2020-7085", lastModified: "2024-11-21T05:36:37.973", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-17T18:15:12.213", references: [ { source: "psirt@autodesk.com", tags: [ "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002", }, ], sourceIdentifier: "psirt@autodesk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-17 18:15
Modified
2024-11-21 05:36
Severity ?
Summary
An intager overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | fbx_software_development_kit | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:fbx_software_development_kit:*:*:*:*:*:*:*:*", matchCriteriaId: "EADE790E-9DE7-441A-9140-44B9EE972DD1", versionEndIncluding: "2019.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An intager overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application.", }, { lang: "es", value: "Una vulnerabilidad de desbordamiento de enteros en Autodesk FBX-SDK versiones 2019.0 y anteriores, puede conllevar a una denegación de servicio de la aplicación.", }, ], id: "CVE-2020-7083", lastModified: "2024-11-21T05:36:37.763", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-17T18:15:12.117", references: [ { source: "psirt@autodesk.com", tags: [ "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002", }, ], sourceIdentifier: "psirt@autodesk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-10-14 17:15
Modified
2024-11-21 07:23
Severity ?
Summary
A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in Autodesk FBX SDK 2020 version causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@autodesk.com | https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | fbx_software_development_kit | 2020.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:fbx_software_development_kit:2020.0:*:*:*:*:*:*:*", matchCriteriaId: "8805EE28-F361-482B-81FC-4E31F2EDB85D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in Autodesk FBX SDK 2020 version causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system.", }, { lang: "es", value: "Un usuario puede ser engañado para abrir un archivo FBX malicioso que puede explotar una vulnerabilidad de uso de memoria previamente liberada en Autodesk FBX SDK versión 2020 causando que la aplicación haga referencia a una ubicación de memoria controlada por un tercero no autorizado, ejecutando así código arbitrario en el sistema", }, ], id: "CVE-2022-41303", lastModified: "2024-11-21T07:23:00.340", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-10-14T17:15:16.203", references: [ { source: "psirt@autodesk.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.autodesk.com/trust/security-advisories/adsk-sa-2022-0022", }, ], sourceIdentifier: "psirt@autodesk.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-01-25 19:59
Modified
2024-11-21 03:00
Severity ?
Summary
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code or cause an infinite loop condition when reading or converting malformed FBX format files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | fbx_software_development_kit | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:autodesk:fbx_software_development_kit:*:*:*:*:*:*:*:*", matchCriteriaId: "B39E57BA-AAD4-4572-AF3F-3D57BB0D6BF2", versionEndIncluding: "2017.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code or cause an infinite loop condition when reading or converting malformed FBX format files.", }, { lang: "es", value: "Múltiples desbordamientos de búfer en el SDK de Autodesk FBX en versiones anteriores a 2017.1 pueden permitir a atacantes ejecutar código arbitrario o provocar una condición de bucle infinito al leer o convertir archivos de formato FBX mal formados.", }, ], id: "CVE-2016-9303", lastModified: "2024-11-21T03:00:56.173", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-01-25T19:59:00.140", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/95805", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/95805", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }