Lucene search
K
AutodeskFusion

13 matches found

CVE
CVE
added 2022/10/07 12:0 a.m.98 views

CVE-2021-40163

CVE-2021-40163 is a memory corruption vulnerability in Autodesk Image Processing component that can lead to code execution via a malicious DLL. The NVD entry notes local attack vector, user interaction required, with a base score of 7.8 (HIGH). The issue is repeatedly described across sources as ...

7.8CVSS7.8AI score0.00242EPSS
CVE
CVE
added 2022/10/07 12:0 a.m.83 views

CVE-2021-40166

CVE-2021-40166 affects Autodesk Image Processing: parsing of a malicious PNG can trigger a use-after-free by freeing an object that has already been freed, potentially allowing arbitrary code execution. Documented impact is arbitrary code execution; no specific remediation/version fixes are state...

7.8CVSS7.8AI score0.00242EPSS
CVE
CVE
added 2022/10/07 12:0 a.m.79 views

CVE-2021-40162

CVE-2021-40162 affects Autodesk Image Processing: a vulnerability where parsing TIFF/PICT/TGA/RLC files may cause reads beyond allocated boundaries, enabling arbitrary code execution. Root cause is in the image-processing component's handling of external image formats. Impact is high (AV Local, U...

7.8CVSS7.7AI score0.00242EPSS
CVE
CVE
added 2022/10/07 12:0 a.m.72 views

CVE-2021-40164

This CVE affects Autodesk Image Processing. A heap-based buffer overflow can occur while parsing TIFF, PICT, TGA, or RLC files, enabling arbitrary code execution. Root cause: improper handling during image parsing. Impact is high per sources; exploitation is possible when processing malformed ima...

7.8CVSS8AI score0.00246EPSS
CVE
CVE
added 2022/10/07 12:0 a.m.69 views

CVE-2021-40165

Summary: CVE-2021-40165 affects Autodesk Image Processing components. A crafted TIFF/PICT/TGA/RLC file can cause a write past the allocated buffer during parsing, potentially allowing arbitrary code execution. The CVSSv3.1 base score is 7.8 (HIGH) with LOCAL attack vector, low attack complexity, ...

7.8CVSS7.9AI score0.00242EPSS
CVE
CVE
added 2025/09/23 11:31 a.m.37 views

CVE-2025-10244

CVE-2025-10244 affects Autodesk Fusion desktop app via a Stored Cross-site Scripting (XSS) condition triggered by a malicious HTML payload rendered by the application. The vulnerability can allow reading local files or executing arbitrary code in the context of the current process. Reported CVSSv...

8.7CVSS5.9AI score0.00418EPSS
CVE
CVE
added 2026/06/22 5:15 p.m.36 views

CVE-2026-10789

Summary: CVE-2026-10789 is a code-injection vulnerability in the MCP extension for Autodesk Fusion Desktop. A malicious webpage visited by a user with Fusion Desktop running and MCP enabled can trigger arbitrary code execution with the current user’s privileges. The CVSS 3.1 score is 9.6 (CRITICA...

9.6CVSS6.2AI score0.00381EPSS
CVE
CVE
added 2026/01/22 4:58 p.m.25 views

CVE-2026-0533

Technical details (affected product/version, root cause, exploit specifics, impact, or fixes) are not publicly available in the provided documents. Monitor for updates from Autodesk and security advisories to obtain concrete details and remediation guidance.

8.1CVSS5.9AI score0.0059EPSS
CVE
CVE
added 2026/01/22 4:59 p.m.25 views

CVE-2026-0535

Technical details about CVE-2026-0535 are not publicly provided in the connected documents. Monitor for updates from Autodesk and security advisories.

8.1CVSS5.9AI score0.00578EPSS
CVE
CVE
added 2026/01/22 4:59 p.m.18 views

CVE-2026-0534

This CVE (CVE-2026-0534) affects Autodesk Fusion desktop application. The issue is a Stored Cross-site Scripting (XSS) vulnerability triggered by a malicious HTML payload stored in a part’s attribute and activated by user interaction, allowing an attacker to read local files or execute arbitrary ...

8.1CVSS5.9AI score0.00469EPSS
CVE
CVE
added 2026/04/14 1:47 p.m.18 views

CVE-2026-4369

The CVE-2026-4369 entry describes a Stored Cross-Site Scripting (XSS) vulnerability in Autodesk Fusion desktop app tied to a malicious payload in an assembly variant name. The vulnerability can be triggered when the affected variant name is rendered in the delete confirmation dialog, and a user c...

7.1CVSS6.1AI score0.002EPSS
CVE
CVE
added 2026/04/14 1:56 p.m.11 views

CVE-2026-4345

CVE-2026-4345 describes a stored XSS flaw in Autodesk Fusion desktop: a malicious design name, when exported to CSV, can execute in the app’s process context and read local files. Affected: Fusion desktop application; vulnerability arises from stored payload in design names. CVSS base metrics ind...

7.1CVSS6.1AI score0.00204EPSS
CVE
CVE
added 2026/04/14 1:56 p.m.10 views

CVE-2026-4344

CVE-2026-4344 describes a Stored XSS vulnerability in the Autodesk Fusion desktop application. A malicious HTML payload in the component name, when shown in a delete confirmation dialog and clicked by a user, can execute script in the user’s context. The CVE notes potential to read local files or...

7.1CVSS6.1AI score0.00204EPSS