CVEdetails.com the ultimate security vulnerability data source

Autodesk : Security Vulnerabilities

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2021-40161 427 Exec Code Mem. Corr. 2021-12-23 2022-01-10
4.4
None Local Medium Not required Partial Partial Partial
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDF earlier than 9.0.7 version.
2 CVE-2021-40160 Exec Code 2021-12-23 2022-01-10
6.8
None Remote Medium Not required Partial Partial Partial
A maliciously crafted PDF file prior to 9.0.7 may be forced to read beyond allocated boundaries when parsing the PDF file. This vulnerability can be exploited to execute arbitrary code.
3 CVE-2021-40157 476 2021-09-15 2021-09-27
9.3
None Remote Medium Not required Complete Complete Complete
A user may be tricked into opening a malicious FBX file which may exploit an Untrusted Pointer Dereference vulnerability in FBX’s Review version 1.5.0 and prior causing it to run arbitrary code on the system.
4 CVE-2021-40156 787 Exec Code 2021-09-15 2021-09-28
6.8
None Remote Medium Not required Partial Partial Partial
A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to write beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code.
5 CVE-2021-40155 125 Exec Code 2021-09-15 2021-09-28
6.8
None Remote Medium Not required Partial Partial Partial
A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code.
6 CVE-2021-27046 787 Exec Code Mem. Corr. 2021-09-15 2021-09-28
4.4
None Local Medium Not required Partial Partial Partial
A Memory Corruption vulnerability for PDF files in Autodesk Navisworks 2019, 2020, 2021, 2022 may lead to code execution through maliciously crafted DLL files.
7 CVE-2021-27045 125 Exec Code 2021-09-15 2021-09-28
6.8
None Remote Medium Not required Partial Partial Partial
A maliciously crafted PDF file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the PDF file. This vulnerability can be exploited to execute arbitrary code.
8 CVE-2021-27044 787 Exec Code 2021-09-15 2021-09-27
6.8
None Remote Medium Not required Partial Partial Partial
An Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted DLL files or information disclosure.
9 CVE-2021-27043 668 2021-06-25 2021-07-01
4.3
None Remote Medium Not required None Partial None
An Arbitrary Address Write issue in the Autodesk DWG application can allow a malicious user to leverage the application to write in unexpected paths. In order to exploit this the attacker would need the victim to enable full page heap in the application.
10 CVE-2021-27042 755 Exec Code 2021-06-25 2021-07-01
6.8
None Remote Medium Not required Partial Partial Partial
A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. The vulnerability exists because the application fails to handle a crafted DWG file, which causes an unhandled exception. An attacker can leverage this vulnerability to execute arbitrary code.
11 CVE-2021-27041 787 Exec Code 2021-06-25 2021-11-02
6.8
None Remote Medium Not required Partial Partial Partial
A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG files. This vulnerability can be exploited to execute arbitrary code.
12 CVE-2021-27040 787 Exec Code 2021-06-25 2021-11-02
4.3
None Remote Medium Not required Partial None None
A maliciously crafted DWG file can be forced to read beyond allocated boundaries when parsing the DWG file. This vulnerability can be exploited to execute arbitrary code.
13 CVE-2021-27039 787 Exec Code 2021-07-09 2021-12-02
6.8
None Remote Medium Not required Partial Partial Partial
A maliciously crafted TIFF file in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be forced to read and write beyond allocated boundaries when parsing the TIFF file. This vulnerability can be exploited to execute arbitrary code.
14 CVE-2021-27038 843 Exec Code 2021-07-09 2021-12-02
6.8
None Remote Medium Not required Partial Partial Partial
A Type Confusion vulnerability in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can occur when processing a maliciously crafted PDF file. An attacker can leverage this to execute arbitrary code.
15 CVE-2021-27037 416 Exec Code 2021-07-09 2021-12-02
6.8
None Remote Medium Not required Partial Partial Partial
A maliciously crafted PNG, PDF or DWF file in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be used to attempt to free an object that has already been freed while parsing them. This vulnerability can be exploited by remote attackers to execute arbitrary code.
16 CVE-2021-27036 787 Exec Code 2021-07-09 2021-12-06
6.8
None Remote Medium Not required Partial Partial Partial
A maliciously crafted PCX, PICT, RCL or TIFF file in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be used to write beyond the allocated buffer while parsing PCX, PDF, PICT, RCL or TIFF files. This vulnerability can be exploited to execute arbitrary code.
17 CVE-2021-27035 787 Exec Code 2021-07-09 2021-12-06
6.8
None Remote Medium Not required Partial Partial Partial
A maliciously crafted TIFF, PICT, TGA, or DWF file in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA or DWF files. This vulnerability can be exploited to execute arbitrary code.
18 CVE-2021-27034 787 Exec Code Overflow 2021-07-09 2021-12-08
6.8
None Remote Medium Not required Partial Partial Partial
A heap-based buffer overflow could occur while parsing PICT, PCX, RCL or TIFF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011. This vulnerability can be exploited to execute arbitrary code.
19 CVE-2021-27033 415 Exec Code 2021-07-09 2021-07-20
6.8
None Remote Medium Not required Partial Partial Partial
A Double Free vulnerability allows remote attackers to execute arbitrary code on PDF files within affected installations of Autodesk Design Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
20 CVE-2021-27032 276 2021-05-28 2021-06-17
7.2
None Local Low Not required Complete Complete Complete
Autodesk Licensing Installer was found to be vulnerable to privilege escalation issues. A malicious user with limited privileges could run any number of tools on a system to identify services that are configured with weak permissions and are running under elevated privileges. These weak permissions could allow all users on the operating system to modify the service configuration and take ownership of the service.
21 CVE-2021-27031 416 2021-04-19 2021-09-16
9.3
None Remote Medium Not required Complete Complete Complete
A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in FBX's Review causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system.
22 CVE-2021-27030 22 Exec Code Dir. Trav. 2021-04-19 2021-09-16
9.3
None Remote Medium Not required Complete Complete Complete
A user may be tricked into opening a malicious FBX file which may exploit a Directory Traversal Remote Code Execution vulnerability in FBX’s Review causing it to run arbitrary code on the system.
23 CVE-2021-27029 476 DoS 2021-04-19 2021-09-16
4.3
None Remote Medium Not required None None Partial
The user may be tricked into opening a malicious FBX file which may exploit a Null Pointer Dereference vulnerability in FBX's Review version 1.5.0 and prior causing the application to crash leading to a denial of service.
24 CVE-2021-27028 787 Exec Code Mem. Corr. 2021-04-19 2021-09-16
6.8
None Remote Medium Not required Partial Partial Partial
A Memory Corruption Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to remote code execution through maliciously crafted DLL files.
25 CVE-2021-27027 125 Exec Code 2021-04-19 2021-09-16
6.8
None Remote Medium Not required Partial Partial Partial
An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to code execution through maliciously crafted DLL files or information disclosure.
26 CVE-2020-7085 787 Exec Code Overflow 2020-04-17 2020-04-21
9.3
None Remote Medium Not required Complete Complete Complete
A heap overflow vulnerability in the Autodesk FBX-SDK versions 2019.2 and earlier may lead to arbitrary code execution on a system running it.
27 CVE-2020-7084 476 DoS 2020-04-17 2020-04-21
4.3
None Remote Medium Not required None None Partial
A NULL pointer dereference vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application.
28 CVE-2020-7083 190 DoS Overflow 2020-04-17 2020-04-23
4.3
None Remote Medium Not required None None Partial
An integer overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application.
29 CVE-2020-7082 416 Exec Code 2020-04-17 2020-04-23
9.3
None Remote Medium Not required Complete Complete Complete
A use-after-free vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to code execution on a system running it.
30 CVE-2020-7081 704 2020-04-17 2020-04-23
9.3
None Remote Medium Not required Complete Complete Complete
A type confusion vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitrary code read/write on the system running it.
31 CVE-2020-7080 120 Exec Code Overflow 2020-04-17 2020-04-21
9.3
None Remote Medium Not required Complete Complete Complete
A buffer overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitrary code execution on a system running it.
32 CVE-2020-7079 426 Exec Code 2020-04-17 2020-04-23
4.4
None Local Medium Not required Partial Partial Partial
An improper signature validation vulnerability in Autodesk Dynamo BIM versions 2.5.1 and 2.5.0 may lead to code execution through maliciously crafted DLL files.
33 CVE-2019-7366 120 Overflow 2019-12-03 2019-12-10
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow vulnerability in Autodesk FBX Software Development Kit version 2019.5. A user may be tricked into opening a malicious FBX file which may exploit a buffer overflow vulnerability causing it to run arbitrary code on the system.
34 CVE-2019-7365 426 Exec Code 2019-12-03 2021-07-21
4.4
None Local Medium Not required Partial Partial Partial
DLL preloading vulnerability in Autodesk Desktop Application versions 7.0.16.29 and earlier. An attacker may trick a user into downloading a malicious DLL file into the working directory, which may then leverage a DLL preloading vulnerability and execute code on the system.
35 CVE-2019-7364 427 Exec Code 2019-08-23 2019-09-03
6.8
None Remote Medium Not required Partial Partial Partial
DLL preloading vulnerability in versions 2017, 2018, 2019, and 2020 of Autodesk Advanced Steel, Civil 3D, AutoCAD, AutoCAD LT, AutoCAD Architecture, AutoCAD Electrical, AutoCAD Map 3D, AutoCAD Mechanical, AutoCAD MEP, AutoCAD Plant 3D and version 2017 of AutoCAD P&ID. An attacker may trick a user into opening a malicious DWG file that may leverage a DLL preloading vulnerability in AutoCAD which may result in code execution.
36 CVE-2019-7363 416 Exec Code 2019-08-23 2019-08-30
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a use-after-free vulnerability, which may result in code execution.
37 CVE-2019-7362 426 Exec Code 2019-08-23 2021-07-21
6.8
None Remote Medium Not required Partial Partial Partial
DLL preloading vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a DLL preloading vulnerability, which may result in code execution.
38 CVE-2019-7361 502 Exec Code 2019-04-09 2019-04-11
6.8
None Remote Medium Not required Partial Partial Partial
An attacker may convince a victim to open a malicious action macro (.actm) file that has serialized data, which may trigger a code execution in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018.
39 CVE-2019-7360 416 Exec Code 2019-04-09 2019-05-13
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable use-after-free vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file may trigger a use-after-free, resulting in code execution.
40 CVE-2019-7359 787 Exec Code Overflow 2019-04-09 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable heap overflow vulnerability in the AcCellMargin handling code in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file with too many cell margins populating an AcCellMargin object may cause a heap overflow, resulting in code execution.
41 CVE-2019-7358 787 Exec Code Overflow 2019-04-09 2020-08-24
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable heap overflow vulnerability in the DXF-parsing functionality in Autodesk Advance Steel 2018, Autodesk AutoCAD 2018, Autodesk AutoCAD Architecture 2018, Autodesk AutoCAD Electrical 2018, Autodesk AutoCAD Map 3D 2018, Autodesk AutoCAD Mechanical 2018, Autodesk AutoCAD MEP 2018, Autodesk AutoCAD P&ID 2018, Autodesk AutoCAD Plant 3D 2018, Autodesk AutoCAD LT 2018, and Autodesk Civil 3D 2018. A specially crafted DXF file may cause a heap overflow, resulting in code execution.
42 CVE-2016-9307 119 Exec Code Overflow 2017-01-25 2017-01-28
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed 3DS format files.
43 CVE-2016-9306 119 Exec Code Overflow 2017-01-25 2017-01-28
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DAE format files.
44 CVE-2016-9305 19 2017-01-25 2017-01-28
7.5
None Remote Low Not required Partial Partial Partial
Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain access to uninitialized pointers.
45 CVE-2016-9304 119 Exec Code Overflow 2017-01-25 2017-01-28
6.8
None Remote Medium Not required Partial Partial Partial
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DFX format files.
46 CVE-2016-9303 119 Exec Code Overflow 2017-01-25 2017-01-28
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code or cause an infinite loop condition when reading or converting malformed FBX format files.
47 CVE-2016-2344 119 DoS Exec Code Overflow 2016-03-28 2016-12-03
7.8
None Remote Low Not required None None Complete
Stack-based buffer overflow in manager.exe in Backburner Manager in Autodesk Backburner 2016 2016.0.0.2150 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted command. NOTE: this is only a vulnerability in environments in which the administrator has not followed documentation that outlines the security risks of operating Backburner on untrusted networks.
48 CVE-2015-8572 119 Exec Code Overflow 2015-12-15 2015-12-16
6.8
None Remote Medium Not required Partial Partial Partial
Multiple buffer overflows in Autodesk Design Review (ADR) before 2013 Hotfix 2 allow remote attackers to execute arbitrary code via crafted RLE data in a (1) BMP or (2) FLI file, (3) encoded scan lines in a PCX file, or (4) DataSubBlock or (5) GlobalColorTable in a GIF file.
49 CVE-2015-8571 189 Exec Code Overflow 2015-12-15 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in Autodesk Design Review (ADR) before 2013 Hotfix 2 allows remote attackers to execute arbitrary code via a crafted biClrUsed value in a BMP file, which triggers a buffer overflow.
50 CVE-2014-9268 20 Exec Code 2014-12-08 2015-12-16
6.8
None Remote Medium Not required Partial Partial Partial
The AdView.AdViewer.1 ActiveX control in Autodesk Design Review (ADR) before 2013 Hotfix 1 allows remote attackers to execute arbitrary code via a crafted DWF file.
Total number of vulnerabilities: 66 (this is page 1 of 2)