Autodesk
Products
78- 141 CVEs
- 104 CVEs
- 103 CVEs
- 103 CVEs
- 103 CVEs
- 103 CVEs
- 102 CVEs
- 102 CVEs
- 99 CVEs
- 35 CVEs
- 34 CVEs
- 22 CVEs
- 22 CVEs
- 18 CVEs
- 15 CVEs
- 9 CVEs
- 8 CVEs
- 6 CVEs
- 6 CVEs
- 6 CVEs
- 5 CVEs
- 4 CVEs
- 4 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 2 CVEs
- View all 78 products →
Recent CVEs
319| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-9307 | Cri | 0.64 | 9.8 | 0.02 | Jan 25, 2017 | Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed 3DS format files. | ||
| CVE-2016-9306 | Cri | 0.64 | 9.8 | 0.02 | Jan 25, 2017 | Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DAE format files. | ||
| CVE-2016-9305 | Cri | 0.64 | 9.8 | 0.01 | Jan 25, 2017 | Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain access to uninitialized pointers. | ||
| CVE-2016-9303 | Cri | 0.64 | 9.8 | 0.04 | Jan 25, 2017 | Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code or cause an infinite loop condition when reading or converting malformed FBX format files. | ||
| CVE-2016-9304 | Hig | 0.57 | 8.8 | 0.02 | Jan 25, 2017 | Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DFX format files. | ||
| CVE-2026-0661 | Hig | 0.55 | 8.4 | 0.00 | Feb 4, 2026 | A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||
| CVE-2026-0660 | Hig | 0.55 | 8.4 | 0.00 | Feb 4, 2026 | A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||
| CVE-2026-0538 | Hig | 0.55 | 8.4 | 0.00 | Feb 4, 2026 | A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||
| CVE-2026-0537 | Hig | 0.55 | 8.4 | 0.00 | Feb 4, 2026 | A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||
| CVE-2026-0535 | Hig | 0.53 | 8.1 | 0.01 | Jan 22, 2026 | A maliciously crafted HTML payload, stored in a component’s description and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or… | ||
| CVE-2026-0534 | Hig | 0.53 | 8.1 | 0.00 | Jan 22, 2026 | A maliciously crafted HTML payload, stored in a part’s attribute and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute… | ||
| CVE-2026-0533 | Hig | 0.53 | 8.1 | 0.01 | Jan 22, 2026 | A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this… | ||
| CVE-2026-7454 | Hig | 0.51 | 7.8 | 0.00 | May 26, 2026 | A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||
| CVE-2026-7452 | Hig | 0.51 | 7.8 | 0.00 | May 26, 2026 | A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||
| CVE-2026-7451 | Hig | 0.51 | 7.8 | 0.00 | May 26, 2026 | A maliciously crafted TIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | ||
| CVE-2026-0659 | Hig | 0.51 | 7.8 | 0.00 | Feb 4, 2026 | A maliciously crafted USD file, when loaded or imported into Autodesk Arnold or Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||
| CVE-2016-2344 | Hig | 0.49 | 7.5 | 0.04 | Mar 28, 2016 | Stack-based buffer overflow in manager.exe in Backburner Manager in Autodesk Backburner 2016 2016.0.0.2150 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted command. NOTE: this is only a vulnerability in… | ||
| CVE-2026-4369 | Hig | 0.46 | 7.1 | 0.00 | Apr 14, 2026 | A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage… | ||
| CVE-2026-4345 | Hig | 0.46 | 7.1 | 0.00 | Apr 14, 2026 | A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary… | ||
| CVE-2026-4344 | Hig | 0.46 | 7.1 | 0.00 | Apr 14, 2026 | A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this… |
- risk 0.64cvss 9.8epss 0.02
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed 3DS format files.
- risk 0.64cvss 9.8epss 0.02
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DAE format files.
- risk 0.64cvss 9.8epss 0.01
Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain access to uninitialized pointers.
- risk 0.64cvss 9.8epss 0.04
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code or cause an infinite loop condition when reading or converting malformed FBX format files.
- risk 0.57cvss 8.8epss 0.02
Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DFX format files.
- risk 0.55cvss 8.4epss 0.00
A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
- risk 0.55cvss 8.4epss 0.00
A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
- risk 0.55cvss 8.4epss 0.00
A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
- risk 0.55cvss 8.4epss 0.00
A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
- risk 0.53cvss 8.1epss 0.01
A maliciously crafted HTML payload, stored in a component’s description and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or…
- risk 0.53cvss 8.1epss 0.00
A maliciously crafted HTML payload, stored in a part’s attribute and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute…
- risk 0.53cvss 8.1epss 0.01
A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this…
- risk 0.51cvss 7.8epss 0.00
A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
- risk 0.51cvss 7.8epss 0.00
A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
- risk 0.51cvss 7.8epss 0.00
A maliciously crafted TIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
- risk 0.51cvss 7.8epss 0.00
A maliciously crafted USD file, when loaded or imported into Autodesk Arnold or Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
- risk 0.49cvss 7.5epss 0.04
Stack-based buffer overflow in manager.exe in Backburner Manager in Autodesk Backburner 2016 2016.0.0.2150 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted command. NOTE: this is only a vulnerability in…
- risk 0.46cvss 7.1epss 0.00
A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage…
- risk 0.46cvss 7.1epss 0.00
A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary…
- risk 0.46cvss 7.1epss 0.00
A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this…