35 matches found
CVE-2021-40163
CVE-2021-40163 is a memory corruption vulnerability in Autodesk Image Processing component that can lead to code execution via a malicious DLL. The NVD entry notes local attack vector, user interaction required, with a base score of 7.8 (HIGH). The issue is repeatedly described across sources as ...
CVE-2023-25003
CVE-2023-25003 affects Autodesk AutoCAD 2023 and Autodesk Maya 2022 via a malicious pskernel.dll that enables out-of-bounds read/write conditions, potentially leading to code execution. The issue is caused by a vulnerability in the pskernel.dll handling, with exploitation implied by references to...
CVE-2021-40166
CVE-2021-40166 affects Autodesk Image Processing: parsing of a malicious PNG can trigger a use-after-free by freeing an object that has already been freed, potentially allowing arbitrary code execution. Documented impact is arbitrary code execution; no specific remediation/version fixes are state...
CVE-2023-29068
CVE-2023-29068 : A maliciously crafted file consumed through the Autodesk pskernel.dll can cause memory corruption, which in conjunction with other vulnerabilities could lead to code execution in the context of the current process. The issue is associated with Autodesk products using pskernel.dll...
CVE-2021-40161
Summary (CVE-2021-40161) : The issue affects PDFTron software; memory corruption can enable remote code execution when processing PDFs containing malicious DLL references. Root cause is errors in the mechanism that checks the path to dynamically loaded libraries (DLLs). Affected products are PDFT...
CVE-2021-40162
CVE-2021-40162 affects Autodesk Image Processing: a vulnerability where parsing TIFF/PICT/TGA/RLC files may cause reads beyond allocated boundaries, enabling arbitrary code execution. Root cause is in the image-processing component's handling of external image formats. Impact is high (AV Local, U...
CVE-2025-1275
The CVE-2025-1275 entry concerns a heap-based overflow in JPG parsing when linked or imported into Autodesk applications. The vulnerability affects Autodesk products using JPG handling in affected workflows (e.g., AutoCAD/Revit-related components) and can allow a malicious actor to crash the appl...
CVE-2025-1656
CVE-2025-1656 describes a Heap-Based Overflow in PDF parsing when linked or imported into Autodesk applications, leading to crash, data leakage, or arbitrary code execution in the current process. Multiple connected sources (NVD, Red Hat, CVE list, and Nessus plugin) consistently reference a PDF-...
CVE-2021-40160
CVE-2021-40160 affects PDFTron before 9.0.7, where parsing a malicious PDF can read beyond allocated boundaries, enabling arbitrary code execution. The primary public details come from Autodesk/AutoCAD disclosures and ZDI notes: exploitation is possible via crafted PDF data, and some analyses ind...
CVE-2021-40164
This CVE affects Autodesk Image Processing. A heap-based buffer overflow can occur while parsing TIFF, PICT, TGA, or RLC files, enabling arbitrary code execution. Root cause: improper handling during image parsing. Impact is high per sources; exploitation is possible when processing malformed ima...
CVE-2022-27871
CVE-2022-27871 affects Autodesk AutoCAD product suite, Revit, Design Review and Navisworks when using PDFTron prior to 9.1.17. The root cause is a boundary error while parsing PDF files, which can allow writing beyond the allocated buffer. This may enable arbitrary code execution on the affected ...
CVE-2024-11268
CVE-2024-11268 concerns Autodesk Revit. A maliciously crafted PDF parsed by Revit can trigger an Out-of-Bounds Read, with the impact described as a crash or arbitrary memory leak. Documented measurements assign a Medium base score (CVSS 3.1) with local attack vector and user interaction required....
CVE-2025-1274
Autodesk Revit is affected by CVE-2025-1274 via parsing of malicious RCS files, causing an Out-of-Bounds Write that can crash, corrupt data, or allow arbitrary code execution in the process. Affected product: Autodesk Revit (RCS parsing). Root cause: out-of-bounds write. Impact: crash, data corru...
CVE-2021-40165
Summary: CVE-2021-40165 affects Autodesk Image Processing components. A crafted TIFF/PICT/TGA/RLC file can cause a write past the allocated buffer during parsing, potentially allowing arbitrary code execution. The CVSSv3.1 base score is 7.8 (HIGH) with LOCAL attack vector, low attack complexity, ...
CVE-2025-1273
The CVE-2025-1273 issue affects Autodesk applications (notably when handling PDFs) due to a heap-based overflow in the PDF parsing path. A maliciously crafted PDF that is linked or imported can trigger a heap overflow, enabling a crash, potential data leakage, or arbitrary code execution within t...
CVE-2023-25002
CVE-2023-25002 concerns a use-after-free vulnerability triggered by a malicious SKP file in Autodesk products. Affected software is Autodesk products that process SKP files (e.g., Autodesk 3ds Max, Navisworks, SKP-related components) per multiple sources in the Connected set. Root cause is a use-...
CVE-2024-11608
CVE-2024-11608 relates to Autodesk Revit and is triggered by a maliciously crafted SKP file that is linked or imported into Revit, leading to a heap-based overflow. The vulnerability can allow a crash, reading of sensitive data, or execution of arbitrary code within the current process. Descripti...
CVE-2025-2497
CVE-2025-2497 relates to Autodesk Revit parsing a malicious DWG file, causing a Stack-Based Buffer Overflow and enabling arbitrary code execution in the context of the current process. Affected product: Autodesk Revit (DWG parsing functionality). Root cause: stack-based overflow triggered during ...
CVE-2025-1276
CVE-2025-1276 : A maliciously crafted DWG file, when parsed by Autodesk applications, can trigger an Out-of-Bounds Write vulnerability. Impacted behavior includes a crash, data corruption, or arbitrary code execution in the context of the affected process. The root cause is an out-of-bounds write...
CVE-2025-1277
CVE-2025-1277 is a memory corruption vulnerability in Autodesk applications triggered when parsing malicious PDF files, enabling arbitrary code execution in the affected process. Public sources describe the root cause as a PDF parsing issue leading to memory corruption; the attack vector is Local...
CVE-2025-5036
Autodesk Revit is affected by CVE-2025-5036 due to a Use-After-Free in RFA file parsing. A maliciously crafted RFA file linked or imported into Revit can crash the process, read sensitive data, or execute arbitrary code in the current process. Exploitation requires user interaction and local acce...
CVE-2023-25004
CVE-2023-25004 involves a maliciously crafted pskernel.dll in Autodesk products that triggers an integer overflow vulnerability, potentially enabling code execution. Connected advisories document affected Autodesk components such as InfraWorks and VRED variants and describe exploitation possibili...
CVE-2024-11454
CVE-2024-11454 is an untrusted search path vulnerability in Autodesk Revit. A maliciously crafted DLL placed in the same directory as an RVT file could be loaded by Revit, allowing arbitrary code execution in the current process due to an untrusted search path being used. The available documents ...
CVE-2024-7994
CVE-2024-7994 affects Autodesk Revit via a stack-based buffer overflow in the parsing of RFA files. A maliciously crafted RFA file can cause a crash, potentially read sensitive data, or execute arbitrary code in the Revit process. Public details consistently identify the vulnerable component as t...
CVE-2024-37008
The CVE describes a stack-based buffer overflow in Autodesk Revit triggered by parsing a malicious DWG file, enabling arbitrary code execution in the current process. Connected PT-Security data specifies affected Autodesk Revit versions prior to 2025 and provides remediation guidance: patch to fi...
CVE-2024-7993
CVE-2024-7993 affects Autodesk Revit via a PDF parsing Out-of-Bounds Write. The vulnerability allows a malicious PDF to cause a crash, data corruption, or arbitrary code execution within the process. Impact : high (data confidentiality, integrity, availability affected). Access/Exploit : local at...
CVE-2005-4710
Technical details for CVE-2005-4710 are not publicly available in the provided documents. Monitor for updates from official sources; no specific affected products, vulnerable components, exploits, or fixes are disclosed here.
CVE-2025-5037
CVE-2025-5037 affects Autodesk Revit; a maliciously crafted RFA/RTE/RVT file can trigger a memory corruption vulnerability, enabling arbitrary code execution in the current process. The CVSS vector in the initial entry indicates local access, user interaction required, and high impact to confiden...
CVE-2025-5039
The CVE-2025-5039 issue is described as a vulnerability in Autodesk applications where loading files with a maliciously crafted binary can trigger arbitrary code execution in the current process due to an untrusted search path. Affected products include Autodesk Navisworks Manage and other Autode...
CVE-2025-8894
CVE-2025-8894 describes a heap-based overflow when parsing specially crafted PDF files in Autodesk products. The vulnerability affects Autodesk software that handles PDF parsing (e.g., Autodesk Revit and related components) and can lead to a crash, disclosure of sensitive data, or execution of ar...
CVE-2026-1288
The CVE-2026-1288 entry concerns Autodesk Revit. A maliciously crafted RFA file, when converted to FormIt via “Convert RFA to FormIt” in Revit, can trigger a NULL pointer dereference in the processing path. Exploitation may crash the application, resulting in a denial-of-service condition. The pr...
CVE-2025-8893
CVE-2025-8893 describes an Out-of-Bounds Write in Autodesk products triggered by parsing a malicious PDF. The issue affects Autodesk software that processes PDFs; root cause is a vulnerability in PDF parsing potentially allowing a local attacker to crash, corrupt data, or execute arbitrary code i...
CVE-2025-5040
Autodesk Revit is affected by CVE-2025-5040: parsing a malicious RTE file can trigger a Heap-Based Overflow in the RTE parser, potentially causing a crash, reading sensitive data, or executing arbitrary code in the current process. Several connected sources corroborate heap overflow/RCE vectors v...
CVE-2025-5042
CVE-2025-5042 concerns Autodesk Revit. A maliciously crafted RFA file parsed by Revit can trigger an Out-of-Bounds Read, potentially crashing the process, reading sensitive data, or executing arbitrary code in the current process context. This is evidenced across multiple connected sources descri...
CVE-2025-8354
CVE-2025-8354 affects Autodesk Revit via a parsing-type confusion in RFA files. The vulnerability is triggered by a maliciously crafted RFA file, with exploitation described as leading to a crash, data corruption, or arbitrary code execution in the current process. CVSS 3.1 indicates a Local atta...