CVE-2021-40162

2022-10-0700:00:00

autodesk

www.cve.org

malicious file parsing

arbitrary code execution

cve-2021-40162

0.001 Low

EPSS

Percentile

30.2%

JSON

A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Revit, Inventor, Infraworks, Navisworks, Fusion, Infrastructure Parts Editors, Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D",
    "versions": [
      {
        "version": "2022, 2021, 2020, 2019",
        "status": "affected"
      }
    ]
  }
]

References

www.autodesk.com/trust/security-advisories/adsk-sa-2021-0011

0.001 Low

EPSS

Percentile

30.2%

JSON

Related for CVELIST:CVE-2021-40162