VYPR
Vendor

Autodesk

Products
78
CVEs
319
Across products
1,174
Status
Private

Products

78
View all 78 products →

Recent CVEs

319
View all 319 CVEs →
  • CVE-2016-9307CriJan 25, 2017
    risk 0.64cvss 9.8epss 0.02

    Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed 3DS format files.

  • CVE-2016-9306CriJan 25, 2017
    risk 0.64cvss 9.8epss 0.02

    Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DAE format files.

  • CVE-2016-9305CriJan 25, 2017
    risk 0.64cvss 9.8epss 0.01

    Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain access to uninitialized pointers.

  • CVE-2016-9303CriJan 25, 2017
    risk 0.64cvss 9.8epss 0.04

    Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code or cause an infinite loop condition when reading or converting malformed FBX format files.

  • CVE-2016-9304HigJan 25, 2017
    risk 0.57cvss 8.8epss 0.02

    Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DFX format files.

  • CVE-2026-0661HigFeb 4, 2026
    risk 0.55cvss 8.4epss 0.00

    A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

  • CVE-2026-0660HigFeb 4, 2026
    risk 0.55cvss 8.4epss 0.00

    A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

  • CVE-2026-0538HigFeb 4, 2026
    risk 0.55cvss 8.4epss 0.00

    A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

  • CVE-2026-0537HigFeb 4, 2026
    risk 0.55cvss 8.4epss 0.00

    A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

  • CVE-2026-0535HigJan 22, 2026
    risk 0.53cvss 8.1epss 0.01

    A maliciously crafted HTML payload, stored in a component’s description and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or…

  • CVE-2026-0534HigJan 22, 2026
    risk 0.53cvss 8.1epss 0.00

    A maliciously crafted HTML payload, stored in a part’s attribute and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute…

  • CVE-2026-0533HigJan 22, 2026
    risk 0.53cvss 8.1epss 0.01

    A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this…

  • CVE-2026-7454HigMay 26, 2026
    risk 0.51cvss 7.8epss 0.00

    A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

  • CVE-2026-7452HigMay 26, 2026
    risk 0.51cvss 7.8epss 0.00

    A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

  • CVE-2026-7451HigMay 26, 2026
    risk 0.51cvss 7.8epss 0.00

    A maliciously crafted TIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

  • CVE-2026-0659HigFeb 4, 2026
    risk 0.51cvss 7.8epss 0.00

    A maliciously crafted USD file, when loaded or imported into Autodesk Arnold or Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

  • CVE-2016-2344HigMar 28, 2016
    risk 0.49cvss 7.5epss 0.04

    Stack-based buffer overflow in manager.exe in Backburner Manager in Autodesk Backburner 2016 2016.0.0.2150 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted command. NOTE: this is only a vulnerability in…

  • CVE-2026-4369HigApr 14, 2026
    risk 0.46cvss 7.1epss 0.00

    A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage…

  • CVE-2026-4345HigApr 14, 2026
    risk 0.46cvss 7.1epss 0.00

    A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary…

  • CVE-2026-4344HigApr 14, 2026
    risk 0.46cvss 7.1epss 0.00

    A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this…