3ds Max
Sign in to watchby Autodesk
CVEs (13)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2009-3577 | 0.03 | — | 0.04 | Nov 24, 2009 | Autodesk 3D Studio Max (3DSMax) 6 through 9 and 2008 through 2010 allows remote attackers to execute arbitrary code via a .max file with a MAXScript statement that calls the DOSCommand method, related to "application callbacks." | ||
| CVE-2026-0536 | 0.00 | — | 0.00 | Feb 4, 2026 | A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||
| CVE-2026-0662 | 0.00 | — | 0.00 | Feb 4, 2026 | A maliciously crafted project directory, when opening a max file in Autodesk 3ds Max, could lead to execution of arbitrary code in the context of the current process due to an Untrusted Search Path being utilized. | ||
| CVE-2026-0660 | 0.00 | — | 0.00 | Feb 4, 2026 | A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||
| CVE-2026-0661 | 0.00 | — | 0.00 | Feb 4, 2026 | A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||
| CVE-2026-0537 | 0.00 | — | 0.00 | Feb 4, 2026 | A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||
| CVE-2026-0538 | 0.00 | — | 0.00 | Feb 4, 2026 | A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||
| CVE-2025-11797 | 0.00 | — | 0.00 | Nov 12, 2025 | A maliciously crafted DWG file, when parsed through Autodesk 3ds Max, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | ||
| CVE-2025-11795 | 0.00 | — | 0.00 | Nov 12, 2025 | A maliciously crafted JPG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||
| CVE-2025-6634 | 0.00 | — | 0.00 | Aug 6, 2025 | A maliciously crafted TGA file, when linked or imported into Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||
| CVE-2025-6633 | 0.00 | — | 0.00 | Aug 6, 2025 | A maliciously crafted RBG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | ||
| CVE-2025-6632 | 0.00 | — | 0.00 | Aug 6, 2025 | A maliciously crafted PSD file, when linked or imported into Autodesk 3ds Max, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | ||
| CVE-2005-4710 | 0.00 | — | 0.00 | Dec 31, 2005 | Unspecified vulnerability in multiple Autodesk and AutoCAD products and product families from 2006 and earlier allows remote attackers to "gain inappropriate access to another local user's computer," aka ID DL5549329. |