22 matches found
CVE-2024-7305
CVE-2024-7305 describes an Out-of-Bounds Write in AdDwfPdk.dll when parsing DWF files in Autodesk AutoCAD. The vulnerability arises in the DWF file handling code and can lead to a crash, data corruption, or arbitrary code execution in the context of the affected process. Evidence from multiple so...
CVE-2013-3665
CVE-2013-3665 affects Autodesk AutoCAD (2011–2014), AutoCAD LT (2011–2014) and DWG TrueView (2011–2014). The root cause is a bounds-checking failure when processing DWG files, which could allow an attacker to trigger arbitrary code execution via a specially crafted DWG file. Impact is remote code...
CVE-2021-40163
CVE-2021-40163 is a memory corruption vulnerability in Autodesk Image Processing component that can lead to code execution via a malicious DLL. The NVD entry notes local attack vector, user interaction required, with a base score of 7.8 (HIGH). The issue is repeatedly described across sources as ...
CVE-2021-27040
CVE-2021-27040 is an out-of-bounds read in the DWG file parsing path that affects ICONICS GENESIS64 (and related components) when importing DWG data. Root cause described across sources as improper validation of user-supplied data leading to reading past allocated buffers, enabling potential arbi...
CVE-2022-25797
CVE-2022-25797 affects Autodesk AutoCAD 2019–2022 where a crafted PDF can trigger a buffer-overflow when parsing, due to improper handling that leads to an unhandled exception. The issue is tied to the PDF-parsing path in AutoCAD/TrueView, with confirmed impact described as a write beyond the all...
CVE-2021-27043
CVE-2021-27043 affects Autodesk DWG/AutoCAD components due to an Arbitrary Address Write vulnerability. The issue allows writing to unexpected paths caused by memory corruption, with exploitation described as requiring the victim to enable full page heap in the application. Public references from...
CVE-2021-40166
CVE-2021-40166 affects Autodesk Image Processing: parsing of a malicious PNG can trigger a use-after-free by freeing an object that has already been freed, potentially allowing arbitrary code execution. Documented impact is arbitrary code execution; no specific remediation/version fixes are state...
CVE-2022-27524
CVE-2022-27524 concerns Autodesk TrueView 2022, where an out-of-bounds read vulnerability occurs while processing a maliciously crafted DWG file. The issue may lead to exposure of sensitive information or a crash, and, in conjunction with other vulnerabilities, could result in code execution in t...
CVE-2021-40162
CVE-2021-40162 affects Autodesk Image Processing: a vulnerability where parsing TIFF/PICT/TGA/RLC files may cause reads beyond allocated boundaries, enabling arbitrary code execution. Root cause is in the image-processing component's handling of external image formats. Impact is high (AV Local, U...
CVE-2022-27523
CVE-2022-27523 describes a buffer over-read in Autodesk TrueView 2022 triggered by a maliciously crafted DWG file. The issue can lead to exposure of sensitive information or a crash, and, when combined with other vulnerabilities, could enable code execution in the context of the current process. ...
CVE-2025-1275
The CVE-2025-1275 entry concerns a heap-based overflow in JPG parsing when linked or imported into Autodesk applications. The vulnerability affects Autodesk products using JPG handling in affected workflows (e.g., AutoCAD/Revit-related components) and can allow a malicious actor to crash the appl...
CVE-2024-9489
CVE-2024-9489 involves Autodesk AutoCAD where parsing a malicious DWG file in ACAD.exe can trigger a memory corruption vulnerability. The description and related sources indicate possible outcomes include a crash, reading/writing sensitive data, or arbitrary code execution within the process cont...
CVE-2024-9997
Autodesk AutoCAD is affected by CVE-2024-9997 due to a vulnerability in acdb25.dll when parsing a malicious DWG file, causing memory corruption that can crash the process or allow arbitrary code execution. The issue is detailed across multiple feeds (NVD, Red Hat, CIRCL, ZDI) with the impact desc...
CVE-2024-7992
Autodesk AutoCAD and certain AutoCAD-based products are affected by CVE-2024-7992 due to parsing a malicious DWG file that can trigger a stack-based buffer overflow. The vulnerability may crash the process, allow reading of sensitive data, or execute arbitrary code in the current process. Descrip...
CVE-2024-8896
CVE-2024-8896 affects Autodesk AutoCAD via a vulnerability in acdb25.dll when parsing malicious DXF files. Root cause: accessing an uninitialized variable in memory, enabling arbitrary code execution or crashes in the current process. Documented impacts include crashing and potential data leakage...
CVE-2021-40164
This CVE affects Autodesk Image Processing. A heap-based buffer overflow can occur while parsing TIFF, PICT, TGA, or RLC files, enabling arbitrary code execution. Root cause: improper handling during image parsing. Impact is high per sources; exploitation is possible when processing malformed ima...
CVE-2024-9996
CVE-2024-9996 affects Autodesk AutoCAD (acdb25.dll) via parsing a malicious DWG file, causing an Out-of-Bounds Write that can crash, corrupt data or allow arbitrary code execution in the current process. Exploitation requires user interaction (per CVSS) and is local. The issue is discussed in ZDI...
CVE-2021-40165
Summary: CVE-2021-40165 affects Autodesk Image Processing components. A crafted TIFF/PICT/TGA/RLC file can cause a write past the allocated buffer during parsing, potentially allowing arbitrary code execution. The CVSSv3.1 base score is 7.8 (HIGH) with LOCAL attack vector, low attack complexity, ...
CVE-2024-7991
CVE-2024-7991 concerns Autodesk AutoCAD (and AutoCAD-based products) where parsing a malicious DWG file can trigger an Out-of-Bounds Write, potentially crashing the application, corrupting data, or executing arbitrary code in the current process. Public sources in the provided set identify the vu...
CVE-2022-42945
DWG TrueView 2023 contains a DLL search order hijacking vulnerability leading to remote code execution (CVE-2022-42945). Root cause: DLL search order manipulation. Affected product: Autodesk DWG TrueView 2023. Evidence from multiple sources confirms the issue; exploitation is described as remote ...
CVE-2025-1276
CVE-2025-1276 : A maliciously crafted DWG file, when parsed by Autodesk applications, can trigger an Out-of-Bounds Write vulnerability. Impacted behavior includes a crash, data corruption, or arbitrary code execution in the context of the affected process. The root cause is an out-of-bounds write...
CVE-2024-23138
CVE-2024-23138 affects Autodesk DWG TrueView. The issue arises when parsing a malicious DWG file, causing a stack-based overflow in the TrueView parser. Reported impact includes a crash, potential data exposure, or arbitrary code execution within the process context. The CVSSv3.1 base score is 7....